ernie1979 Posted May 25, 2010
Hello! I suspect that I have the Cain program installed. How do I check that? And get rid of it???
Stillborn Posted May 25, 2010
I've heard that this program can be removed with, e.g., CopyLock. I'm not familiar with this myself, but it's easy to find pages on Google that explain how to do it.
ernie1979 Posted May 25, 2010 (Author)
but where could it be???
Sevard Posted May 25, 2010
Cain should be detected by a-squared Free (provided, of course, that you actually have it). It is, however, essentially a normal program, so check the Add/Remove Programs list to see whether it's there. Read this, for a start. Download and run OTL and tick the options: Scan All Users, LOP Check, Purity Check. Also select the Use Safelist option under Extra registry. Paste both logs generated by OTL. Post a log from GMER as well. Then we'll see what is going on in the system.
ernie1979 Posted May 25, 2010 (Author)
OTL Extras logfile created on: 2010-05-26 01:11:48 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = E:\zdarte2 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76,17 Gb Total Space | 43,12 Gb Free Space | 56,61% Space Free | Partition Type: NTFS Drive D: | 111,98 Gb Total Space | 8,71 Gb Free Space | 7,77% Space Free | Partition Type: NTFS Drive E: | 100,89 Gb Total Space | 13,18 Gb Free Space | 13,06% Space Free | Partition Type: NTFS Drive F: | 170,00 Gb Total Space | 91,70 Gb Free Space | 53,94% Space Free | Partition Type: NTFS Drive G: | 350,00 Gb Total Space | 181,18 Gb Free Space | 51,77% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive P: | 20,00 Gb Total Space | 12,02 Gb Free Space | 60,08% Space Free | Partition Type: NTFS Computer Name: DEMON Current User Name: Ernie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2264206899-3994682373-1461917315-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Hide Folders 2009_is1" = Hide Folders 2009 3.3 for Windows XP/Vista "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{206A4CDF-6EEF-4774-BF98-5B84D2A8B517}_is1" = MATMIC Weather (1.70.1) "{217EC467-61C4-1939-3BBF-4FA4CAEA42FF}" = EA Shared Game Component: Activation "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations "{3A609C6D-9BB0-47BB-B0C4-B222F8EA98B6}" = HDDlife "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Zew Prypeci [v1.6.01] "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.0 PRO "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}" = KeyProwler Full Version "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.2 - Polish "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek "{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack 
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.1 "{D6D5CB84-0E6E-4E69-B300-C690B6911045}" = Nero 8 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "7-Zip" = 7-Zip 4.65 "AC3Filter_is1" = AC3Filter 1.63b "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "avast5" = avast! Free Antivirus "Borderlands 1.20 PL_pfu1" = Borderlands 1.20 PL "CCleaner" = CCleaner "CDisplay_is1" = CDisplay 1.8 "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "EA Download Manager" = EA Download Manager "EA Installer.1214342719" = EA Installer "FastStone Capture" = FastStone Capture 5.3 "FLV Player" = FLV Player 2.0 (build 25) "Gadu-Gadu 10" = Gadu-Gadu 10 "HD Tune_is1" = HD Tune 2.55 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "NTP 32-bit Network Time Protocol v4.2.4p7_is1" = NTP for Windows XP/Vista/7 "NuPagadi!3D 1.01_is1" = NuPagadi!3D 1.01 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "RealAlt_is1" = Real Alternative 1.9.0 Lite "Skuteczne Uwodzenie 2_is1" = Skuteczne Uwodzenie 2 "TC UP 1.8_is1" = TC UP 1.8 "UndeleteMyFiles_is1" = UndeleteMyFiles "uTorrent" = ?Torrent "WinGimp-2.0_is1" = GIMP 2.6.7 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2010-05-25 03:05:54 | Computer Name = Demon | Source = Application Error | ID = 1000 
Description = Nazwa aplikacji powodującej błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Nazwa modułu powodującego błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000025e5 Identyfikator procesu powodującego błąd: 0x838 Godzina uruchomienia aplikacji powodującej błąd: 0x01cafbd12e8394fb Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Identyfikator raportu: f50bb315-67cb-11df-b69b-001fd09a5696 Error - 2010-05-25 07:26:11 | Computer Name = Demon | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2010-05-25 08:20:24 | Computer Name = Demon | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Nazwa modułu powodującego błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000025e5 Identyfikator procesu powodującego błąd: 0x82c Godzina uruchomienia aplikacji powodującej błąd: 0x01cafbfd17dfab1c Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Identyfikator raportu: e476d0b2-67f7-11df-9d11-001fd09a5696 Error - 2010-05-25 11:51:44 | Computer Name = Demon | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2010-05-25 13:58:16 | Computer Name = Demon | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. 
Error - 2010-05-25 14:54:50 | Computer Name = Demon | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Nazwa modułu powodującego błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000025e5 Identyfikator procesu powodującego błąd: 0x4fc Godzina uruchomienia aplikacji powodującej błąd: 0x01cafc33de257352 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Identyfikator raportu: febaaacc-682e-11df-815b-001fd09a5696 Error - 2010-05-25 15:10:34 | Computer Name = Demon | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2010-05-25 16:04:52 | Computer Name = Demon | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Nazwa modułu powodującego błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000025e5 Identyfikator procesu powodującego błąd: 0xa50 Godzina uruchomienia aplikacji powodującej błąd: 0x01cafc3df9c7da82 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Identyfikator raportu: c73a4e3f-6838-11df-b38e-001fd09a5696 Error - 2010-05-25 17:40:51 | Computer Name = Demon | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. 
Error - 2010-05-25 18:36:16 | Computer Name = Demon | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Nazwa modułu powodującego błąd: GSvr.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x48773c29 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000025e5 Identyfikator procesu powodującego błąd: 0xa68 Godzina uruchomienia aplikacji powodującej błąd: 0x01cafc53217d6d5b Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe Identyfikator raportu: edaa6d3f-684d-11df-8b4a-001fd09a5696 [ System Events ] Error - 2010-04-02 02:35:02 | Computer Name = Demon | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\Windows\system32\drivers\SBREdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-02 02:35:22 | Computer Name = Demon | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SBRE Error - 2010-04-02 03:29:28 | Computer Name = Demon | Source = Service Control Manager | ID = 7034 Description = Usługa GEST Service for program management. niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-02 10:00:11 | Computer Name = Demon | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\Windows\system32\drivers\SBREdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error - 2010-04-02 10:00:31 | Computer Name = Demon | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SBRE Error - 2010-04-02 10:54:50 | Computer Name = Demon | Source = Service Control Manager | ID = 7034 Description = Usługa GEST Service for program management. niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-02 12:24:52 | Computer Name = Demon | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\Windows\system32\drivers\SBREdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-02 12:25:11 | Computer Name = Demon | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: SBRE Error - 2010-04-02 13:19:38 | Computer Name = Demon | Source = Service Control Manager | ID = 7034 Description = Usługa GEST Service for program management. niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-03 02:43:33 | Computer Name = Demon | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\Windows\system32\drivers\SBREdrv.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
< End of report > OTL logfile created on: 2010-05-26 01:11:48 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = E:\zdarte2 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76,17 Gb Total Space | 43,12 Gb Free Space | 56,61% Space Free | Partition Type: NTFS Drive D: | 111,98 Gb Total Space | 8,71 Gb Free Space | 7,77% Space Free | Partition Type: NTFS Drive E: | 100,89 Gb Total Space | 13,18 Gb Free Space | 13,06% Space Free | Partition Type: NTFS Drive F: | 170,00 Gb Total Space | 91,70 Gb Free Space | 53,94% Space Free | Partition Type: NTFS Drive G: | 350,00 Gb Total Space | 181,18 Gb Free Space | 51,77% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive P: | 20,00 Gb Total Space | 12,02 Gb Free Space | 60,08% Space Free | Partition Type: NTFS Computer Name: DEMON Current User Name: Ernie Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-05-26 01:10:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\zdarte2\OTL.exe PRC - [2010-05-23 00:24:01 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010-05-23 00:23:48 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-04-28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2010-03-21 09:34:08 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2009-12-12 19:44:45 | 001,945,646 | ---- | M] (FSPro Labs) -- C:\Program Files\Hide Folders 2009\hf.exe PRC - [2009-12-04 09:56:24 | 000,139,952 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe PRC - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009-10-07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe PRC - [2009-09-30 13:59:12 | 000,828,928 | ---- | M] () -- C:\Windows\SysWOW64\ntpd.exe PRC - [2009-08-29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe ========== Modules (SafeList) ========== MOD - [2010-05-26 01:10:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\zdarte2\OTL.exe MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010-05-20 13:49:41 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:64bit: - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV:64bit: - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV:64bit: - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2009-10-07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV:64bit: - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - 
[2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV - [2010-05-23 00:23:48 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009-12-04 09:56:24 | 000,139,952 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt) SRV - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009-09-30 13:59:12 | 000,828,928 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ntpd.exe -- (NTP) SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- F:\GRY\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008-07-11 20:00:06 | 000,080,392 | ---- | M] () 
Sevard Posted May 26, 2010
I don't see anything like Cain running on the system.
politan Posted May 26, 2010
Having Cain installed on your system will do practically nothing to you. If anything, it is you who could do something to someone else by having it. It is mainly a program for tracing packets (an equivalent of, let's say, tcpdump). On its own it won't do anything to you.