Walkerowy, posted 23 October 2011

Hello, please analyze my logs from OTL and from the Event Viewer. A strange error appeared in the Event Viewer concerning the file prodrv06.sys. I don't know what it is, where it came from, or what it is for. The second curiosity for me is the service: Andrea ADI Filters Service. Please help me get rid of these problems.

OTL.txt

OTL logfile created on: 2011-10-23 17:31:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,62% Memory free
3,98 Gb Paging File | 2,80 Gb Available in Paging File | 70,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,00 Gb Total Space | 35,36 Gb Free Space | 44,20% Space Free | Partition Type: NTFS
Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe PRC - [2011-09-30 14:50:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Modules (No Company Name) ========== MOD - [2011-10-16 18:47:23 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011-09-30 14:50:45 | 001,833,944 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- 
D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | 
---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel® DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel® DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX) DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice) DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: D:\Programy\Ganymede\Plugins\npganymedenet.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] [2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) 
-- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions [2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions [2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices [2011-10-13 21:07:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011-10-13 21:07:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011-10-13 21:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011-10-13 21:07:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011-10-13 21:07:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011-10-13 21:07:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011-10-13 21:07:47 | 002,309,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2011-10-13 21:07:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011-10-13 21:07:46 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011-10-13 21:03:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011-10-13 21:03:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011-10-13 21:03:54 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011-10-13 21:03:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011-10-13 21:03:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011-10-13 21:03:00 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011-10-13 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Malwarebytes [2011-10-13 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-10-13 15:00:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011-10-08 22:55:05 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net [2011-10-04 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011-10-04 14:11:34 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Leadertech [2011-10-03 20:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters [2011-10-03 19:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011-09-28 22:40:13 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\Adobe [2011-09-25 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroPoker Tournament Director's Poker Clock ========== Files - Modified 
Within 30 Days ========== [2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-10-23 17:04:45 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-10-23 17:04:45 | 000,762,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-10-23 17:04:45 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-10-23 17:04:45 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-10-23 17:04:45 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-10-23 17:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-10-23 16:44:50 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk [2011-10-16 18:47:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011-10-13 21:22:40 | 000,305,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-10-13 20:07:40 | 000,007,597 | ---- | M] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg [2011-10-08 23:01:44 | 000,001,251 | ---- | M] () -- C:\Users\eMeM\Desktop\gproxy&custom.lnk [2011-10-08 23:00:00 | 000,001,007 | ---- | M] () -- C:\Users\eMeM\Desktop\dota.lnk [2011-10-05 17:03:19 | 000,000,534 | 
---- | M] () -- C:\Users\eMeM\Desktop\Life for speed.lnk [2011-10-03 21:59:12 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Colin McRae Rally 04.lnk ========== Files Created - No Company Name ========== [2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:46:25 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk [2011-10-05 17:03:19 | 000,000,534 | ---- | C] () -- C:\Users\eMeM\Desktop\Life for speed.lnk [2011-10-03 21:59:12 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Colin McRae Rally 04.lnk [2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg [2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys [2011-09-05 11:55:39 | 000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys [2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011-10-23 14:13:03 | 000,000,000 | ---D | M] -- 
C:\Users\eMeM\AppData\Roaming\.purple [2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software [2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0 [2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech [2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor [2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird [2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent [2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 2011-10-23 17:31:23 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,62% Memory free 3,98 Gb Paging File | 2,80 Gb Available in Paging File | 70,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,00 Gb Total Space | 35,36 Gb Free Space | 44,20% Space Free | Partition Type: NTFS Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft 
.NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Eurobattle.net1.26" = Eurobattle.net "EuroPoker Tournament Director's Poker Clock" = EuroPoker Tournament Director's Poker Clock "Foxit Reader_is1" = Foxit Reader 5.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "OnlineArmor_is1" = Online Armor 5.0 "Pidgin" = 
Pidgin
"uTorrent" = µTorrent
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-20 10:28:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194
Description =

Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939 Identyfikator procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd: 0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe Ścieżka modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll Identyfikator raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253

Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 2011-10-21 15:29:00 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-21 20:20:20 | Computer Name = eMeM-komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2011-10-22 16:13:16 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-22 16:13:42 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

< End of report >

Event Viewer
kominekl Posted 23 October 2011

Please also provide a log from TDSS Killer -> https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page__p__33542#entry33542.

"A strange error for the file prodrv06.sys appeared in the Event Viewer. I don't know what it is, where it came from, or what it is for."
+
DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

These are old drivers of the StarForce protection. They should be removed. Uninstaller for old versions -> http://www.star-force.com/support/drivers/.

"The second curiosity for me is the service: Andrea ADI Filters Service."
+
SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

From what I have read, this is some service related to headphones and/or a microphone. Do you have either of these devices?

"Hello, please analyze the logs from OTL"

Run OTL -> in the Custom Scans/Fixes box (Własne opcje skanowania/skrypt) paste:

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: D:\Programy\Ganymede\Plugins\npganymedenet.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Click Run Fix (Wykonaj skrypt). Post the log from the removal. Then provide new logs from OTL.

EDIT: The matter has been cleared up with the Administrator. To explain: a person using my computer abused my trust, and the result is the incorrect script. I apologize to the author that someone signing with my name gave a bad instruction.

Regards.
Walkerowy Posted 23 October 2011 Author

Kaspersky TDSSKiller

22:59:38.0013 1760 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
22:59:40.0041 1760 ============================================================
22:59:40.0041 1760 Current date / time: 2011/10/23 22:59:40.0041
22:59:40.0041 1760 SystemInfo:
22:59:40.0041 1760
22:59:40.0041 1760 OS Version: 6.1.7601 ServicePack: 1.0
22:59:40.0041 1760 Product type: Workstation
22:59:40.0041 1760 ComputerName: EMEM-KOMPUTER
22:59:40.0041 1760 UserName: eMeM
22:59:40.0041 1760 Windows directory: C:\Windows
22:59:40.0041 1760 System windows directory: C:\Windows
22:59:40.0041 1760 Running under WOW64
22:59:40.0041 1760 Processor architecture: Intel x64
22:59:40.0041 1760 Number of processors: 2
22:59:40.0041 1760 Page size: 0x1000
22:59:40.0041 1760 Boot type: Normal boot
22:59:40.0041 1760 ============================================================
22:59:41.0211 1760 Initialize success
23:00:06.0857 3248 ============================================================
23:00:06.0857 3248 Scan started
23:00:06.0857 3248 Mode: Manual;
23:00:06.0857 3248 ============================================================
23:00:18.0636 3248 prodrv06 - ok
23:00:18.0698 3248 prohlp02 - ok
23:00:18.0807 3248 prosync1 - ok
23:00:20.0383 3248 sfhlp01 - ok
23:00:20.0944 3248 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
23:00:20.0944 3248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: 34f974f8b3c86de03a30dcbe79091c97 23:00:20.0944 3248 sptd ( LockedFile.Multi.Generic ) - warning 23:00:20.0944 3248 sptd - detected LockedFile.Multi.Generic (1) 23:00:21.0022 3248 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 23:00:21.0022 3248 srv - ok 23:00:21.0054 3248 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 23:00:21.0069 3248 srv2 - ok 23:00:21.0100 3248 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 23:00:21.0116 3248 srvnet - ok 23:00:21.0178 3248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 23:00:21.0178 3248 stexstor - ok 23:00:21.0225 3248 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 23:00:21.0225 3248 storflt - ok 23:00:21.0272 3248 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 23:00:21.0288 3248 storvsc - ok 23:00:21.0350 3248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 23:00:21.0350 3248 swenum - ok 23:00:21.0537 3248 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 23:00:21.0568 3248 Tcpip - ok 23:00:21.0678 3248 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 23:00:21.0693 3248 TCPIP6 - ok 23:00:21.0787 3248 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 23:00:21.0787 3248 tcpipreg - ok 23:00:21.0849 3248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:00:21.0849 3248 TDPIPE - ok 23:00:21.0880 3248 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 23:00:21.0880 3248 TDTCP - ok 23:00:21.0927 3248 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 23:00:21.0943 3248 tdx - ok 23:00:21.0958 3248 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 23:00:21.0974 3248 TermDD - ok 
23:00:22.0146 3248 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:00:22.0146 3248 tssecsrv - ok 23:00:22.0177 3248 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 23:00:22.0192 3248 TsUsbFlt - ok 23:00:22.0224 3248 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 23:00:22.0224 3248 TsUsbGD - ok 23:00:22.0286 3248 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 23:00:22.0286 3248 tunnel - ok 23:00:22.0317 3248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 23:00:22.0317 3248 uagp35 - ok 23:00:22.0348 3248 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 23:00:22.0364 3248 udfs - ok 23:00:22.0473 3248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 23:00:22.0473 3248 uliagpkx - ok 23:00:22.0536 3248 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 23:00:22.0536 3248 umbus - ok 23:00:22.0598 3248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 23:00:22.0598 3248 UmPass - ok 23:00:22.0692 3248 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 23:00:22.0692 3248 usbccgp - ok 23:00:22.0801 3248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 23:00:22.0801 3248 usbcir - ok 23:00:22.0863 3248 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 23:00:22.0863 3248 usbehci - ok 23:00:22.0926 3248 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 23:00:22.0941 3248 usbhub - ok 23:00:22.0972 3248 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 23:00:22.0972 3248 usbohci - ok 23:00:23.0050 3248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 23:00:23.0050 3248 usbprint - ok 
23:00:23.0082 3248 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:00:23.0082 3248 USBSTOR - ok 23:00:23.0144 3248 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 23:00:23.0144 3248 usbuhci - ok 23:00:23.0222 3248 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys 23:00:23.0222 3248 VClone - ok 23:00:23.0331 3248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 23:00:23.0331 3248 vdrvroot - ok 23:00:23.0394 3248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:00:23.0394 3248 vga - ok 23:00:23.0409 3248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:00:23.0409 3248 VgaSave - ok 23:00:23.0440 3248 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 23:00:23.0440 3248 vhdmp - ok 23:00:23.0487 3248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 23:00:23.0487 3248 viaide - ok 23:00:23.0534 3248 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 23:00:23.0534 3248 vmbus - ok 23:00:23.0565 3248 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 23:00:23.0565 3248 VMBusHID - ok 23:00:23.0643 3248 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 23:00:23.0643 3248 volmgr - ok 23:00:23.0674 3248 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 23:00:23.0690 3248 volmgrx - ok 23:00:23.0721 3248 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 23:00:23.0721 3248 volsnap - ok 23:00:23.0799 3248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 23:00:23.0799 3248 vsmraid - ok 23:00:23.0862 3248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 23:00:23.0862 3248 vwifibus - ok 23:00:23.0986 
3248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 23:00:23.0986 3248 WacomPen - ok 23:00:24.0033 3248 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:00:24.0033 3248 WANARP - ok 23:00:24.0049 3248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:00:24.0049 3248 Wanarpv6 - ok 23:00:24.0220 3248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 23:00:24.0220 3248 Wd - ok 23:00:24.0267 3248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 23:00:24.0267 3248 Wdf01000 - ok 23:00:24.0454 3248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 23:00:24.0454 3248 WfpLwf - ok 23:00:24.0486 3248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 23:00:24.0486 3248 WIMMount - ok 23:00:24.0704 3248 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 23:00:24.0704 3248 WinUsb - ok 23:00:24.0766 3248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 23:00:24.0766 3248 WmiAcpi - ok 23:00:24.0876 3248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 23:00:24.0876 3248 ws2ifsl - ok 23:00:24.0938 3248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 23:00:24.0938 3248 WudfPf - ok 23:00:24.0985 3248 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:00:24.0985 3248 WUDFRd - ok 23:00:25.0094 3248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 23:00:25.0110 3248 \Device\Harddisk0\DR0 - ok 23:00:25.0110 3248 Boot (0x1200) (1c230dbbd80cd1c044487ffeeead2a52) \Device\Harddisk0\DR0\Partition0 23:00:25.0110 3248 \Device\Harddisk0\DR0\Partition0 - ok 23:00:25.0141 3248 Boot (0x1200) (add7d245f6fc8504db23130050ee221c) \Device\Harddisk0\DR0\Partition1 23:00:25.0141 3248 
\Device\Harddisk0\DR0\Partition1 - ok 23:00:25.0156 3248 Boot (0x1200) (a7ac71c25b4f4fec1825edaba1e4801f) \Device\Harddisk0\DR0\Partition2 23:00:25.0156 3248 \Device\Harddisk0\DR0\Partition2 - ok 23:00:25.0156 3248 ============================================================ 23:00:25.0156 3248 Scan finished 23:00:25.0156 3248 ============================================================ 23:00:25.0172 1716 Detected object count: 1 23:00:25.0172 1716 Actual detected object count: 1 23:00:39.0836 1716 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 23:00:39.0852 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

These are old StarForce protection drivers. They should be removed. Uninstaller for old versions -> http://www.star-forc...pport/drivers/.

A minor problem. From what I have read, this is some service associated with headphones and/or a microphone. Do you have either of these devices?

I don't have a microphone, I have a built-in speaker. But I recently installed the sound card drivers. Then again, installing them changed nothing, except that the notification from Windows Update disappeared.

OTL script:

All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. 
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence not found. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: eMeM ->Temp folder emptied: 957791 bytes ->Temporary Internet Files folder emptied: 74898436 bytes ->Java cache emptied: 2034726 bytes ->FireFox cache emptied: 462438741 bytes ->Flash cache emptied: 5683 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 541788 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 516,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 10232011_230742 Files\Folders moved on Reboot... C:\Users\eMeM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... 
OTL.txt (files newer than 7 days):

OTL logfile created on: 2011-10-23 23:14:54 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free 3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,00 Gb Total Space | 35,28 Gb Free Space | 44,10% Space Free | Partition Type: NTFS Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe PRC - [2011-09-30 14:50:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe PRC - [2011-04-06 13:01:06 | 000,433,560 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\OAReg.exe PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe PRC - [2009-08-29 08:00:12 | 000,966,656 | 
---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Modules (No Company Name) ========== MOD - [2011-09-30 14:50:45 | 001,833,944 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel® DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel® DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX) DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice) DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] [2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions [2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions [2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS 
Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - 
(igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 7 Days ========== [2011-10-23 23:07:42 | 000,000,000 | ---D | C] -- C:\_OTL [2011-10-23 23:00:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011-10-23 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\eMeM\Desktop\100CANON [2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices ========== Files - Modified Within 7 Days ========== [2011-10-23 23:11:11 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2011-10-23 23:11:05 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2011-10-23 17:55:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-10-23 17:07:05 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-10-23 17:04:45 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-10-23 17:04:45 | 000,762,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-10-23 17:04:45 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-10-23 17:04:45 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-10-23 17:04:45 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk ========== Files Created - No Company Name ========== [2011-10-23 17:55:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:46:25 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 
000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk [2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg [2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys [2011-09-05 11:55:39 | 000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys [2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011-10-23 14:13:03 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple [2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software [2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0 [2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech [2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor [2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird [2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent [2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of 
report > OTL Extras.txt: OTL Extras logfile created on: 2011-10-23 23:14:54 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free 3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,00 Gb Total Space | 35,28 Gb Free Space | 44,10% Space Free | Partition Type: NTFS Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft 
Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Eurobattle.net1.26" = Eurobattle.net "EuroPoker Tournament Director's Poker Clock" = 
EuroPoker Tournament Director's Poker Clock "Foxit Reader_is1" = Foxit Reader 5.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "OnlineArmor_is1" = Online Armor 5.0 "Pidgin" = Pidgin "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Flux" = F.lux ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194 Description = Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939 Identyfikator procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd: 0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe Ścieżka modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll Identyfikator raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253 Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-21 
10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = Error - 2011-10-23 13:00:03 | Computer Name = eMeM-komputer | Source = Windows Backup | ID = 4103 Description = Error - 2011-10-23 17:07:45 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description = [ System Events ] Error - 2011-10-22 16:13:16 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2011-10-22 16:13:42 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2011-10-23 17:11:04 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2011-10-23 17:11:32 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 < End of report >

peter2012, posted 24 October 2011

I know I'm spamming, but kominekl didn't read the rules! In this section ONLY @picasso and @Landuss may provide help. What's worse, the script comes completely out of nowhere. Reporting it.

PS. Sorry for the spam, Picasso.

picasso, posted 24 October 2011

kominekl

As peter2012 says, the Malware section has a defined set of rules: CLICK. Their purpose is, among other things, to avoid the posting of scripts that are inappropriate. Let's look at your script:

- The [clearallrestorepoints] command works on XP, not on Vista and Windows 7, where it is only able to create a new restore point. And even if it did work on those systems, I don't know what kind of action it is to wipe all restore points without any grounds.
- The "Extra context menu item" lines are not real "not found" entries; they only show up that way because the slashes at the end run in the reverse direction - for comparison, Office sits on the installed list and is doing fine.
- The FF entry "...microsoft.com/GENUINE" is always "not found" and is not something you remove.
- It is also doubtful whether this one was "not found":

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

... since the installed list contains 64-bit Flash:

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

... that is, the one matching the 64-bit version of Firefox (which is not installed here).

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

And I don't know what you had in mind when you wanted to remove this Intel line.

Walkerowy

What is the reason for starting the topic in the Malware section? This is not a log analysis section, but an infection diagnostics section. Logs are only a tool for extracting data and can be posted in any section where they may prove helpful. I am moving the topic to the Windows section.

1. Since there is no 64-bit Firefox here, and the 64-bit Flash entry has already been ripped out, uninstall the 64-bit Flash. It is not needed here at all; you have 32-bit Firefox, which the 32-bit Flash matches, and that one is present here:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

2.

23:00:39.0836 1716 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
23:00:39.0852 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

A decision error - Skip should have been chosen here. This is not a threat. I quote from the TDSSKiller description:

"Note: before taking any steps on your own it is best to consult first, because the results are not necessarily a real threat and may not qualify for removal. For example, the basic object that gets in the way is the SPTD virtual drive emulation driver: Kaspersky will flag this object as "suspicious" and describe the file as locked, but will set its default action to Skip."

I remind you again of the section's main announcement: Drive emulation software. Admittedly, in the latest OTL this driver is in good shape:

DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

But there are doubts whether you restarted the system after using TDSSKiller (which finalizes the action). If SPTD really does turn out to be removed, and you have a program on disk that uses it, this driver has to be reinstalled with the SPTDinst tool.

3.

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

You can remove the old StarForce drivers with an OTL script with the following content:

:OTL
DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
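
The post above matches the System event log errors (ID 1060 and ID 7026) against the DRV lines of the same OTL log by eye. The same correlation as an added example, not part of the thread and not OTL's own code: the function names and the `stale_autostart` heuristic are assumptions of this sketch, and the sample lines are copied from the log quoted in this thread, one record per line.

```python
import re
from collections import Counter

# Sample records copied from the OTL output in this thread (one record per line).
SAMPLE_LOG = r"""
DRV:64bit: - [2011-10-20 16:46:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV - [2004-04-08 12:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-04-08 10:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193 Description =
Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem.
Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01
Error - 2011-10-23 17:11:04 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem.
Error - 2011-10-23 17:11:32 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01
"""

# DRV[:64bit:] - [modified | size | attrs | M] (company) [type | start | state] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV(?::64bit:)?\s+-\s+\[(?P<modified>[^|]+?)\s*\|[^\]]*\]\s+"
    r"\((?P<company>.*?)\)\s+"
    r"\[(?P<kind>[^|\]]+?)\s*\|\s*(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^|\]]+?)\]"
    r"\s+--\s+(?P<path>.+?)\s+--\s+\((?P<service>[^()]+)\)"
)
# Error - timestamp | Computer Name = ... | Source = ... | ID = n Description = text
EVT_RE = re.compile(
    r"^Error - (?P<when>[\d-]+ [\d:]+) \| Computer Name = .*? \| "
    r"Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s+Description =\s*(?P<desc>.*)$"
)
# Driver file named in an event 1060 description, e.g. \SystemRoot\SysWow64\drivers\x.sys
BLOCKED_RE = re.compile(r"\\drivers\\(?P<name>[^\\\s]+)\.sys", re.IGNORECASE)


def parse(log_text):
    """Return (drivers by service name, 7026 load-failure counts, 1060 block counts)."""
    drivers, load_failures, blocked = {}, Counter(), Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            drivers[m["service"].lower()] = m.groupdict()
            continue
        m = EVT_RE.match(line)
        if not m:
            continue
        source, event_id, desc = m["source"], int(m["id"]), m["desc"]
        if source == "Service Control Manager" and event_id == 7026 and ":" in desc:
            # The driver names follow the last colon, whatever the UI language is.
            for name in desc.rsplit(":", 1)[1].split():
                load_failures[name.lower()] += 1
        elif source == "Application Popup" and event_id == 1060:
            for hit in BLOCKED_RE.finditer(desc):
                blocked[hit["name"].lower()] += 1
    return drivers, load_failures, blocked


def triage(log_text):
    """One finding per driver named in a 7026 or 1060 event, joined to its DRV entry."""
    drivers, load_failures, blocked = parse(log_text)
    findings = []
    for name in sorted(set(load_failures) | set(blocked)):
        entry = drivers.get(name)  # None when the log has no DRV line for it
        findings.append({
            "service": name,
            "load_failures": load_failures[name],
            "blocked_incompatible": blocked[name],
            "company": entry["company"] if entry else None,
            "start": entry["start"] if entry else None,
            "state": entry["state"] if entry else None,
            "modified": entry["modified"] if entry else None,
            "path": entry["path"] if entry else None,
            # Assumed heuristic: registered to start at boot/system start, yet never running.
            "stale_autostart": bool(entry)
            and entry["start"] in ("Boot", "System")
            and entry["state"] == "Stopped",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["service"], f["company"], f["start"], f["state"], f["modified"],
              "7026 x%d" % f["load_failures"], "1060 x%d" % f["blocked_incompatible"])
```

The findings only rank what to look at; whether a listed driver is a leftover or still needed by installed software remains a judgement on the company name, file date and uninstall list, as in the post above.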

Walkerowy (author), posted 24 October 2011

1. OK, the 64-bit one is uninstalled.

2. First of all, I don't have any drive emulation software. What next with this SPTD driver?

========== OTL ==========
Service prohlp02 stopped successfully!
Service prohlp02 deleted successfully!
C:\Windows\SysWOW64\drivers\prohlp02.sys moved successfully.
Service prodrv06 stopped successfully!
Service prodrv06 deleted successfully!
C:\Windows\SysWOW64\drivers\prodrv06.sys moved successfully.
Service sfhlp01 stopped successfully!
Service sfhlp01 deleted successfully!
C:\Windows\SysWOW64\drivers\sfhlp01.sys moved successfully.
Service prosync1 stopped successfully!
Service prosync1 deleted successfully!
C:\Windows\SysWOW64\drivers\prosync1.sys moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 10242011_132935

picasso, posted 24 October 2011

"2. First of all, I don't have any drive emulation software. What next with this SPTD driver?"

If there really is no such software left, check what the SPTDinst tool says (it is an uninstaller and installer in one).

Walkerowy (author), posted 24 October 2011

Attention! My mistake: the program Virtual Clone Driver was used on this computer. It was removed, but for example its entry in msconfig, in the startup section, remained. Please help me remove the leftovers.

Oh, and I recall that there was also a trial of Alcohol 120%...

picasso, posted 24 October 2011

"The program Virtual Clone Driver was used on this computer. It was removed, but for example its entry in msconfig, in the startup section, remained. Please help me remove the leftovers."

1. Virtual Clone Drive does not use the SPTD driver; it relies on its own, namely:

DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

Removing this driver:

- Start > type devmgmt.msc in the search box > right-click and choose Run as Administrator > in the View menu enable showing hidden devices, and in the "Non-Plug and Play Drivers" branch look for this object to uninstall.
- Then run an OTL script with the following content:

:OTL
DRV:64bit: - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

2. In its default configuration OTL does not scan entries that are disabled in msconfig. If you want to remove this kind of entry, go straight to the registry. Virtual Clone Drive starts through the registry, so the entry disabled in msconfig should sit here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

"Oh, and I recall that there was also a trial of Alcohol 120%..."

That is the probable creator of SPTD. Uninstalling Alcohol does not remove the SPTD driver from the system.

Walkerowy (author), posted 24 October 2011

OTL.Txt

OTL logfile created on: 2011-10-24 20:07:55 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,60% Memory free 3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,00 Gb Total Space | 34,89 Gb Free Space | 43,61% Space Free | Partition Type: NTFS Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - [2011-10-23 17:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe PRC - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oasrv.exe PRC - [2011-04-06 13:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oaui.exe PRC - [2011-04-06 13:01:06 | 000,433,560 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\OAReg.exe PRC - [2011-04-06 13:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oahlp.exe PRC - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Online Armor\oacat.exe PRC - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Modules (No Company Name) ========== MOD - [2009-08-29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2011-04-06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2011-04-06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Online Armor\OAcat.exe -- (OAcat) SRV - [2010-03-18 13:16:28 
| 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011-04-06 13:01:30 | 000,032,920 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel® DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel® DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2011-04-06 13:02:26 | 000,055,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX) DRV - [2011-04-06 13:01:30 | 000,059,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice) DRV - [2011-04-06 13:01:30 | 000,038,064 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programy\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programy\Mozilla Thunderbird\components [2011-10-04 18:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programy\Mozilla Thunderbird\plugins [2011-10-16 18:39:08 | 000,000,000 | ---D | M] [2011-08-30 15:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions [2011-09-30 14:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\pampk215.emem\extensions [2011-09-20 10:04:39 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\USERS\EMEM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I2OIS3VG.DEFAULT\EXTENSIONS\MINTRAYR@TN123.ATH.CX O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] D:\Programy\Online Armor\oaui.exe (Emsi Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - 
HKU\S-1-5-21-2379810547-2737495414-2129919692-1000..\Run: [F.lux] C:\Users\eMeM\Local Settings\Apps\F.lux\flux.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D40224D-17C7-4509-88F8-3B488A83DC64}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEC1F91-4522-4851-B992-651511891896}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62bf0940-fb2a-11e0-946a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{6b710be5-dee3-11e0-b706-002186671253}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell - "" = AutoRun O33 - MountPoints2\{88f61b9d-ee77-11e0-85bb-002186671253}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 7 Days ========== [2011-10-23 23:07:42 | 000,000,000 | ---D | C] -- C:\_OTL [2011-10-23 23:00:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011-10-23 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\eMeM\Desktop\100CANON [2011-10-21 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices ========== Files - Modified Within 7 Days ========== [2011-10-24 20:06:12 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-10-24 20:06:12 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-10-24 20:03:19 | 001,707,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-10-24 20:03:19 | 000,762,672 | ---- | M] 
() -- C:\Windows\SysNative\perfh015.dat [2011-10-24 20:03:19 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-10-24 20:03:19 | 000,155,834 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-10-24 20:03:19 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-10-24 19:58:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-10-24 19:58:43 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2011-10-24 13:46:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011-10-23 17:55:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-10-20 16:50:47 | 000,000,235 | ---- | M] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:33:28 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | M] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | M] () -- C:\Users\eMeM\Desktop\mbam.lnk ========== Files Created - No Company Name ========== [2011-10-23 17:55:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-10-20 16:50:47 | 000,000,235 | ---- | C] () -- C:\Users\eMeM\Documents\ax_files.xml [2011-10-20 16:33:28 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Play ToCA Race Driver 2.lnk [2011-10-19 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp [2011-10-18 16:15:12 | 000,000,278 | R--- | C] () -- C:\Users\eMeM\Show_Hidden_Files_On_Off.vbs [2011-10-18 15:32:35 | 000,001,138 | ---- | C] () -- C:\Users\eMeM\Desktop\mbam.lnk [2011-09-22 17:32:25 | 000,007,597 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg [2011-09-05 11:55:39 | 000,059,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys [2011-09-05 11:55:39 | 
000,055,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys [2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011-10-24 00:46:51 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple [2011-09-09 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Foxit Software [2011-10-03 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0 [2011-10-04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Leadertech [2011-09-05 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\OnlineArmor [2011-09-19 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Thunderbird [2011-10-22 14:02:24 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\uTorrent [2011-09-23 15:09:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.Txt OTL Extras logfile created on: 2011-10-24 20:07:55 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\eMeM\Desktop\Pobieranie 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,60% Memory free 3,98 Gb Paging File | 
3,13 Gb Available in Paging File | 78,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80,00 Gb Total Space | 34,89 Gb Free Space | 43,61% Space Free | Partition Type: NTFS Drive D: | 152,79 Gb Total Space | 133,88 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Computer Name: EMEM-KOMPUTER | User Name: eMeM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client 
Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Eurobattle.net1.26" = Eurobattle.net "EuroPoker Tournament Director's Poker Clock" = EuroPoker Tournament Director's Poker Clock "Foxit Reader_is1" = Foxit Reader 5.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "OnlineArmor_is1" = Online Armor 5.0 "Pidgin" = Pidgin "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_USERS Uninstall List 
==========

[HKEY_USERS\S-1-5-21-2379810547-2737495414-2129919692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-20 10:46:00 | Computer Name = eMeM-komputer | Source = VSS | ID = 8194
Description =

Error - 2011-10-20 10:46:01 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:22 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-20 10:53:32 | Computer Name = eMeM-komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Au_.exe, wersja: 4.36.1.2033, sygnatura czasowa: 0x4c93644f Nazwa modułu powodującego błąd: nsDialogs.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4b1ae3a8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001939 Identyfikator procesu powodującego błąd: 0xc90 Godzina uruchomienia aplikacji powodującej błąd: 0x01cc8f37f42959c4 Ścieżka aplikacji powodującej błąd: C:\Users\eMeM\AppData\Local\Temp\~nsu.tmp\Au_.exe Ścieżka modułu powodującego błąd: C:\Users\eMeM\AppData\Local\Temp\nsa7B57.tmp\nsDialogs.dll Identyfikator raportu: 46bc2f1c-fb2b-11e0-aea8-002186671253

Error - 2011-10-20 16:07:11 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 03:45:54 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-21 10:26:31 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-23 10:12:51 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

Error - 2011-10-23 13:00:03 | Computer Name = eMeM-komputer | Source = Windows Backup | ID = 4103
Description =

Error - 2011-10-23 17:07:45 | Computer Name = eMeM-komputer | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 2011-10-23 07:01:07 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 07:01:33 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 09:46:36 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 09:47:02 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 10:44:49 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-23 10:45:14 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-23 17:11:04 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.
Error - 2011-10-23 17:11:32 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2011-10-24 07:17:08 | Computer Name = eMeM-komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error - 2011-10-24 07:17:36 | Computer Name = eMeM-komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

< End of report >

1. I did not find the driver, but I ran the script successfully.
2. I removed the registry entry.
3. I removed SPTD using the SPTDinst program.
Anonim6 Posted 24 October 2011

> The second curiosity for me is the service: Andrea ADI Filters Service.

A by-product of the sound drivers.
Walkerowy (Author) Posted 25 October 2011

How do I remove this service, and is everything in order according to the logs in this post? And how do I delete the TDSSKiller_Quarantine folder from drive C:? Is there some function for it, like for example Cleanup in OTL, or do I just right-click and delete?
picasso Posted 25 October 2011

> How do I remove this service

Aren't you overdoing it a bit? I see no reason to deal with this.

> is everything in order according to the logs in this post?

Yes. You can also update the Adobe Flash plugin in IE, because you have it installed in the older version 10 (that is: the Flash installation has to be run from within IE).

> And how do I delete the TDSSKiller_Quarantine folder from drive C:? Is there some function for it, like for example Cleanup in OTL, or do I just right-click and delete?

There is no automatic function, just delete it manually.
Walkerowy (Author) Posted 25 October 2011

> Aren't you overdoing it a bit? I see no reason to deal with this.

Maybe I'm a bit pedantic, but I just don't like having unnecessary things on my computer ;-). If you say there's no need, then there's no need. Thanks for the help.