Problem z działaniem pendrive

Post15 cze 2011, 23:46

Mam pendrive pqi 4GB Cool Drive U339. Mój OS: Windows XP SP3.

Zawartość pendrive: Dostępne tylko dla zarejestrowanych użytkowników
Potrzebuję go sformatować lub skasować plik tekstowy (o nazwie SPRAWOZDANIE.doc) który na nim jest. Jest to niestety niemożliwe.
Dodam, że pendrive ma przełącznik blokujący zapis. Próbowałam w obu pozycjach przeprowadzać formatowanie, ogólnie ustawiony jest na odblokowanie zapisywania.
Próbowałam sobie poradzić już na różne sposoby:
1. Standardowe formatowanie PPM -> Formatuj
Formatuje prawie do końca, potem wyświetla komunikat: System Windows nie był w stanie dokończyć formatowania.
Próbowałam tutaj zaznaczać różne opcje, szybkie formatowanie, zmiana systemu plików, ten sam skutek.
2. Próbowałam ręcznie usuwać pliki, wtedy komunikat:
Błąd usuwania pliku lub folderu
Nie można usunąć SPRAWOZDANIE:Nie można odnaleźć określonego pliku. Sprawdź, czy ścieżka i nazwa są określone poprawnie.
Plik (o dziwo) jednak potem znika. Po odłączeniu i ponownym podłączeniu pendriva plik wraca na swoje miejsce.
3. Próbowałam zmieniać zawartość pliku tekstowego, zmieniać atrybuty (np. na niewidoczny etc). Komunikaty:
a) Program Word nie może zapisać lub utworzyć pliku. Upewnij się, że dysk, na którym chcesz zapisać plik, nie jest zapełniony, zabezpieczony przed zapisem lub uszkodzony.
b) Wystąpił błąd podczas stosowania atrybutów do pliku: F:\SPRAWOZDANIE.doc Nie można wykonać żądania z powodu błędu urządzenia We/Wy.
4. Próbowałam formatować przez wiersz poleceń Start -> Uruchom -> cmd -> format f: Komunikat:
Nieprawidłowy nośnik lub uszkodzona ścieżka 0 - dysku nie można użyć.
5. Próbowałam formatować też na XP SP2 oraz linuxie (wersji nie pamiętam) również bez powodzenia.
6. Próbowałam formatować narzędziem HPUSBDisk.exe, komunikat:
Device media is write-protected.
Próbowałam też różnymi narzędziami tego typu, również (podobno) dedykowanymi dla tego typu pendrive, np. UrescueV1.0.0.21.exe - skutek: Wystąpił problem z aplikacją Urescue.exe i zostanie ona zamknięta.....
7. Próbowałam innych portów USB, formatowania w trybie awaryjnym - też bez skutków.
8. Korzystałam z porady znalezionej na jakimś forum - zgodnie z filmikiem Dostępne tylko dla zarejestrowanych użytkowników użyłam klucza StorageDevicePolicies, jednak dane wartości zmieniłam na 0 (w celu zdjęcia ochrony przed zapisem).
9. Korzystałam z konta administratora, sprawdzałam czy udostępnianie (PPM -> Właściwości -> Udostępnianie) nie jest zablokowane - wszystko wydaje się ok.

10. Wpadłam na to, że EXPLORER.EXE może zawierać wirusa, zainstalowałam Kaspersky'ego, komputer zaczął krzyczeć następująco:
Dostępne tylko dla zarejestrowanych użytkowników
oraz
Dostępne tylko dla zarejestrowanych użytkowników
Próby usunięcia, oczywiście, bez szans.
Próbowałam też mksvirem online, nie chce usunąć trojana.

Robiłam na pewno coś jeszcze, ale szczerze mówiąc, nie pamiętam już co.

Zależy mi wyłącznie na tym, żeby skasować plik SPRAWOZDANIE.doc, całkowity format nie jest mi potrzebny. Miło byłoby ożywić pendrive, ale nie jest to konieczne, o ile plik skasować się da.

Będę wdzięczna za cokolwiek...

Strona WWW · Post16 cze 2011, 00:03

Z podłączonymi urządzeniami przenośnymi, pendrivami itp pokaż log z USBFixa z opcji DELETION:
http://www.hotfix.pl/uzytkowanie-progra ... x-a310.htm
Następnie zaprezentuj logi z OTL według instrukcji:
http://www.hotfix.pl/obsluga-programu-otl-a143.htm
Próbowałaś usunąć plik programem unlocker?
http://www.hotfix.pl/infusions/pro_down ... r-p378.htm

Post16 cze 2011, 00:14

Unlocker skasował bez problemu plik .doc oraz plik .exe. Po wypięciu i ponownym wpięciu pliki znów się pojawiły.

USBfix:
przy 48% i 100% pokazał:
Dostępne tylko dla zarejestrowanych użytkowników
Stanął na 100% po naciśnięciu OK.
Druga próba - ten sam komunikat trzy razy po osiągnięciu 100% i zawisł i tak sobie wisi nadal. (Program nie odpowiada.)

Strona WWW · Post16 cze 2011, 00:19

USBFixa użyłaś z opcji DELETION??? jeśli tak to sprawdz czy tak samo będzie jak użyjesz opcji LISTING.
Możesz jeszcze spróbować uruchomić flash disinfector :
http://www.hotfix.pl/infusions/pro_down ... r-p165.htm
Pokaż jeszcze logi z OTL tak jak pisałem wyżej.

Post16 cze 2011, 00:35

Tak, użyłam opcji DELETION. Skanowanie, czy jak to nazwać, trwa około 3-5 minut i zawiesza się potem.

Z opcji LISTING dostaję:

Kod: Zaznacz cały

############################## | UsbFix 7.048 | [Listing]

User: Efa (Administrator) # LENOVO-079CDA3F [ ]
Updated 11/06/2011 by TeamXscript
Started at 00:25:50 | 16/06/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
CPU 2: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
Internet Explorer 7.0.5730.11

Windows Firewall: Enabled
Antivirus: Kaspersky Anti-Virus 12.0.0.374 [(!) Disabled | Updated]
RAM -> 1014 Mb 
C:\ (%systemdrive%) -> Fixed drive # 70 Gb (9 Mb free - 12%) [Preload] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32

################## | Listing |

[02/03/2006 - 06:00:48 | N | 0]    C:\AUTOEXEC.BAT
[16/06/2011 - 00:21:24 | RASHD ]    C:\Autorun.inf
[10/02/2011 - 21:22:08 | N | 211]    C:\boot.ini
[04/08/2004 - 23:00:00 | N | 4952]    C:\bootfont.bin
[15/06/2011 - 22:18:15 | D ]    C:\Config.Msi
[02/03/2006 - 06:00:48 | N | 0]    C:\CONFIG.SYS
[10/11/2010 - 16:46:08 | D ]    C:\Documents and Settings
[11/11/2010 - 00:10:44 | D ]    C:\drivers
[10/11/2010 - 16:28:34 | N | 1932]    C:\drivez.log
[11/11/2010 - 12:42:58 | D ]    C:\EFA
[14/05/2011 - 21:44:31 | D ]    C:\Games
[15/06/2011 - 22:18:16 | ASH | 1063768064]    C:\hiberfil.sys
[10/11/2010 - 16:47:18 | D ]    C:\I386
[10/11/2010 - 16:31:38 | N | 3874354]    C:\install.log
[02/03/2006 - 06:00:48 | N | 0]    C:\IO.SYS
[10/05/2011 - 17:52:36 | N | 368]    C:\m.txt
[15/06/2011 - 10:52:22 | N | 75320]    C:\mksbasel.cpp.log
[02/03/2006 - 06:00:48 | N | 0]    C:\MSDOS.SYS
[16/11/2010 - 14:40:05 | RHD ]    C:\MSOCache
[04/08/2004 - 14:00:00 | N | 47564]    C:\NTDETECT.COM
[14/11/2010 - 11:24:25 | N | 251152]    C:\NTLDR
[15/06/2011 - 22:18:15 | ASH | 1598029824]    C:\pagefile.sys
[15/06/2011 - 23:52:00 | D ]    C:\Program Files
[16/06/2011 - 00:20:31 | SHD ]    C:\RECYCLER
[10/11/2010 - 17:03:54 | D ]    C:\SUPPORT
[15/06/2011 - 13:16:23 | D ]    C:\SWSHARE
[10/11/2010 - 16:46:15 | D ]    C:\SWTOOLS
[11/11/2010 - 00:10:42 | N | 93]    C:\syslevel.lgl
[15/06/2011 - 11:37:53 | SHD ]    C:\System Volume Information
[11/01/2011 - 15:28:27 | D ]    C:\Temp
[16/06/2011 - 00:20:31 | D ]    C:\UsbFix
[16/06/2011 - 00:25:48 | A | 2343]    C:\UsbFix.txt
[15/06/2011 - 23:59:33 | D ]    C:\UsbFix_Upload_Me
[10/11/2010 - 17:04:31 | D ]    C:\VALUEADD
[15/06/2011 - 23:23:41 | D ]    C:\WINDOWS
[30/05/2011 - 10:35:34 | N | 62976]    F:\SPRAWOZDANIE.doc
[30/05/2011 - 10:38:42 | N | 28672]    F:\Ocena dorobku zawodowego.doc
[30/05/2011 - 12:13:56 | N | 64512]    F:\~WRD0002.tmp
[21/09/2010 - 10:14:14 | N | 110]    F:\.~lock.grafik ptp.odt#

################## | E.O.F |

Extras:

Kod: Zaznacz cały

OTL Extras logfile created on: 2011-06-16 00:27:28 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\EFA\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1014,42 Mb Total Physical Memory | 525,11 Mb Available Physical Memory | 51,76% Memory free
2,38 Gb Paging File | 2,06 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,22 Gb Total Space | 8,57 Gb Free Space | 12,20% Space Free | Partition Type: NTFS
Drive F: | 3,76 Gb Total Space | 3,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-079CDA3F | User Name: Efa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\EFA\Downloads\PDFConverterSetup.exe" = C:\EFA\Downloads\PDFConverterSetup.exe:*:Enabled:InstallCore?
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72005434-30E9-49D9-A5E4-D1AE5D34DB71}" = Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype? 5.0
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.6.3 (for GiveawayOfTheDay.com)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD071DBA-2994-4350-93BB-EC245D0D3C74}_is1" = iResizer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"Angielski z SuperMemo UX - poziom zaawan." = Angielski z SuperMemo UX - poziom zaawan.
"Atlantis Quest_is1" = Atlantis Quest
"Brickshooter Egypt_is1" = Brickshooter Egypt
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DC++" = DC++ 0.699
"Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.51
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fishdom_is1" = Fishdom
"FoxTab PDF Converter" = FoxTab PDF Converter
"Gadu-Gadu" = Gadu-Gadu 6.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inca Ball_is1" = Inca Ball
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"ipla" = ipla 2.2.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 ? pakiet języka polskiego
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.9.23
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Oprogramowanie Intel(R) PROSet/Wireless
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RealAlt_is1" = Real Alternative 2.0.2
"RichMan Games - Monopoly of New York GOTD Edition_is1" = RichMan Games Ver:1.4.388 GOTD Edition
"SkanerOnline" = Skaner on-line mks_vir
"SopCast" = SopCast 3.3.2
"StepMania" = StepMania (remove only)
"SuperMemo UX - Angielski. No problem!+ 2" = SuperMemo UX - Angielski. No problem!+ 2
"SuperMemo UX - Angielski. No problem!+ 3" = SuperMemo UX - Angielski. No problem!+ 3
"SystemTL+" = SystemTL+
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Unlocker" = Unlocker 1.9.1
"Usbfix" = UsbFix By TeamXscript
"vShare" = vShare Plugin
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMCSetup" = Windows Media Connect
"Yahoo! Messenger" = Yahoo! Messenger
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

OTL:

Kod: Zaznacz cały

OTL logfile created on: 2011-06-16 00:27:28 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\EFA\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1014,42 Mb Total Physical Memory | 525,11 Mb Available Physical Memory | 51,76% Memory free
2,38 Gb Paging File | 2,06 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,22 Gb Total Space | 8,57 Gb Free Space | 12,20% Space Free | Partition Type: NTFS
Drive F: | 3,76 Gb Total Space | 3,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-079CDA3F | User Name: Efa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011-06-16 00:26:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\EFA\Downloads\OTL.exe
PRC - [2011-06-06 07:28:58 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011-06-16 00:26:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\EFA\Downloads\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011-06-15 10:55:34 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2005-10-06 19:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005-06-06 22:26:22 | 000,032,768 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011-06-15 10:55:32 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010-11-11 12:24:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2006-08-02 02:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-05-25 18:13:00 | 000,004,442 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006-03-09 10:20:10 | 000,152,064 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003-07-11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2001-10-26 18:00:44 | 000,322,432 | -H-- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-06-15 10:56:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-04 14:41:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-04 14:41:31 | 000,000,000 | ---D | M]
 
[2010-12-09 18:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Extensions
[2011-06-12 02:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions
[2010-12-10 18:58:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-09 18:42:31 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar
[2010-12-09 18:42:43 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\searchplugins\web-search.xml
[2011-06-15 23:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-01-27 00:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-16 10:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-10 11:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-06-15 10:57:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-06-15 23:52:06 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010-12-02 21:08:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-20 11:06:31 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-03-20 11:06:31 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-03-20 11:06:31 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-03-20 11:06:31 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-03-20 11:06:31 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-03-20 11:06:31 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2004-08-04 23:00:00 | 000,000,742 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005..\Run: [EDesksoft Auto Update] C:\Program Files\EDesksoft\Update\EDesksoftUpdate.exe (EDesksoft Inc)
O4 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com)
O4 - HKLM..\RunOnce: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.220.1 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-03-02 06:00:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-06-16 00:21:24 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011-06-16 00:21:24 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011-06-15 23:59:33 | 000,000,000 | ---D | C] -- C:\UsbFix_Upload_Me
[2011-06-15 23:54:47 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011-06-15 23:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Dane aplikacji\QuickStoresToolbar
[2011-06-15 23:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Menu Start\Programy\Unlocker
[2011-06-15 23:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011-06-15 17:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Pulpit\do druku władek
[2011-06-15 11:47:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011-06-15 10:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 2012
[2011-06-15 10:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011-06-15 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2011-06-15 10:55:32 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011-06-13 07:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Menu Start\Programy\Miranda IM
[2011-06-12 13:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2011-06-12 12:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RichMan Games
[2011-06-12 12:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\EDesksoft
[2011-06-12 12:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\RichMan
[2011-06-10 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-06-10 11:35:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-06-10 11:35:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-06-10 11:35:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-06-10 00:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Moje dokumenty\My Received Files
[2011-05-25 18:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Passware
[2011-05-24 21:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Efa\Dane aplikacji\Miranda
[2011-05-24 21:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2011-05-21 07:27:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011-06-16 00:33:01 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
[2011-06-16 00:29:21 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-16 00:13:31 | 000,001,124 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709545403-2002330088-3204055122-1005UA.job
[2011-06-16 00:02:27 | 000,140,789 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\usbfix.JPG
[2011-06-15 23:52:06 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\QuickStores.url
[2011-06-15 23:39:36 | 000,152,398 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\2.bmp
[2011-06-15 23:38:40 | 000,556,506 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\1.bmp
[2011-06-15 23:35:16 | 000,052,109 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\zawartosc.JPG
[2011-06-15 23:23:41 | 000,000,048 | -HS- | M] () -- C:\WINDOWS\KLIF.spi
[2011-06-15 23:04:25 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011-06-15 22:51:00 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011-06-15 22:18:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-15 22:18:16 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-15 22:18:16 | 000,199,344 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-15 22:17:14 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\Efa\Dane aplikacji\Update.cfg
[2011-06-15 22:06:19 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Skrót do Dysk wymienny (F).lnk
[2011-06-15 21:22:52 | 000,111,044 | ---- | M] () -- C:\Documents and Settings\Efa\Pulpit\bez tytułu.JPG
[2011-06-15 18:13:00 | 000,001,072 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709545403-2002330088-3204055122-1005Core.job
[2011-06-15 11:38:48 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2011-06-15 10:57:45 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011-06-15 10:55:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2011-06-15 10:55:32 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011-06-12 11:47:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-06-09 09:51:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-06-08 22:52:16 | 000,002,278 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011-06-16 00:02:27 | 000,140,789 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\usbfix.JPG
[2011-06-15 23:52:06 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\QuickStores.url
[2011-06-15 23:35:15 | 000,052,109 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\zawartosc.JPG
[2011-06-15 23:23:41 | 000,000,048 | -HS- | C] () -- C:\WINDOWS\KLIF.spi
[2011-06-15 23:06:45 | 000,152,398 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\2.bmp
[2011-06-15 23:06:34 | 000,556,506 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\1.bmp
[2011-06-15 22:06:19 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Skrót do Dysk wymienny (F).lnk
[2011-06-15 21:22:52 | 000,111,044 | ---- | C] () -- C:\Documents and Settings\Efa\Pulpit\bez tytułu.JPG
[2011-06-15 11:38:44 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2011-06-15 11:37:23 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2011-06-15 10:57:45 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011-06-15 10:57:45 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011-06-15 10:55:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2011-06-13 01:09:50 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\Efa\Dane aplikacji\Update.cfg
[2011-04-16 22:55:56 | 000,000,114 | ---- | C] () -- C:\WINDOWS\.ini
[2011-04-13 19:11:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011-02-10 21:30:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-01-11 20:09:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-12-09 18:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-11-12 22:31:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-11 12:45:28 | 000,122,884 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010-11-11 08:30:23 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\tvt_userinfo.ini
[2010-11-11 00:10:38 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2010-11-11 00:10:38 | 000,005,788 | -H-- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2010-11-11 00:10:35 | 000,073,782 | -H-- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2010-11-10 21:41:03 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-10 19:42:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-10 19:42:47 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-10 19:42:46 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-11-10 17:55:56 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-10 17:53:02 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-10 17:53:02 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-11-10 17:49:37 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010-11-10 17:04:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\vpc32.INI
[2010-11-10 17:04:35 | 000,004,293 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-11-10 17:04:35 | 000,002,035 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-11-10 17:04:26 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010-11-10 17:04:26 | 000,458,260 | -H-- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-10 17:04:26 | 000,401,398 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-10 17:04:26 | 000,313,828 | -H-- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2010-11-10 17:04:26 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010-11-10 17:04:26 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010-11-10 17:04:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-11-10 17:04:26 | 000,079,606 | -H-- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-10 17:04:26 | 000,062,678 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-10 17:04:26 | 000,034,990 | -H-- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2010-11-10 17:04:26 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010-11-10 17:04:26 | 000,021,856 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-11-10 17:04:26 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-11-10 17:04:26 | 000,004,547 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010-11-10 17:04:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-11-10 17:04:26 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2010-11-10 17:04:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010-11-10 17:03:59 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2010-11-10 17:03:59 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010-11-10 16:46:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Efa\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-11-10 16:41:24 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010-11-10 16:30:52 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\System32\profile.dat
[2010-11-10 16:29:06 | 000,000,156 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010-11-10 16:22:03 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010-11-10 16:20:30 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010-11-10 16:20:21 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010-11-10 16:20:21 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010-11-10 16:16:29 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010-11-10 16:11:43 | 000,122,880 | -H-- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2006-08-03 03:27:54 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006-08-03 03:27:52 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\notifyf2.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010-11-11 11:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Lenovo
[2010-11-10 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ThinkVantage
[2011-06-15 11:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-11-11 12:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-06-15 13:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DassaultSystemes
[2011-04-14 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-11-11 11:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
[2010-12-07 21:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
[2010-12-05 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RVLGames
[2010-11-17 09:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teorex
[2010-11-11 11:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo
[2010-11-10 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage
[2011-03-14 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\Autodesk
[2010-11-11 12:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\DAEMON Tools Lite
[2011-01-28 11:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\DassaultSystemes
[2011-05-08 10:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\ElementalsTheMagicKey
[2011-06-15 13:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\GHISLER
[2011-04-29 13:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\ipla
[2010-11-11 11:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\Lenovo
[2011-05-24 21:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\Miranda
[2011-04-14 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\NeoDownloader
[2011-05-16 20:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\Playrix Entertainment
[2011-06-15 23:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\QuickStoresToolbar
[2010-11-16 14:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\RDRM
[2010-12-07 11:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\SuperMemo World
[2011-03-12 23:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\TheGreatPharaoh
[2010-11-10 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\ThinkVantage
[2011-04-13 19:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\UDC Profiles
[2011-05-15 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\Vasilek Games
[2010-11-14 07:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Efa\Dane aplikacji\vShare
[2010-11-10 16:46:36 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2011-06-16 00:33:01 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Post16 cze 2011, 10:16

witam może to pomoże
jeżeli logika ok to usunie wsio z pendriwe
HDD Low Level Format Tool
Dostępne tylko dla zarejestrowanych użytkowników

otwórz powyższy link poczekaj kilka sekund pobieranie zacznie się automatycznie

Strona WWW · Post16 cze 2011, 12:35

Wklej w białe okienko OTL z podłączonym pendrivem i naciśnij wykonaj skrypt:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2010-12-09 18:42:31 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\RunOnce: [] File not found

:Files
F:\SPRAWOZDANIE.doc

:Commands
[emptytemp]

Pokaż log z usuwania, dodatkowo wykonaj pełne skanowanie porgramem Malwarebytes usuń co znajdzie i również pokaż raport:
http://www.hotfix.pl/obsluga-programu-m ... re-a55.htm

Post17 cze 2011, 14:57

HDD Low Level Format Tool
Nie dał rady. Najpierw się wieszał, później niby sformatował, pliki nadal są.

OTL
Log: (to chyba ten, bo mi się wszystko pozamykało, łącznie z explorer.exe i ikonami pulpitu)

Kod: Zaznacz cały

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3709545403-2002330088-3204055122-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Documents and Settings\Efa\Dane aplikacji\Mozilla\Firefox\Profiles\jt2ww418.default\extensions\vshare@toolbar folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3709545403-2002330088-3204055122-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
========== FILES ==========
F:\SPRAWOZDANIE.doc moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150619 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Efa
->Temp folder emptied: 70355288 bytes
->Temporary Internet Files folder emptied: 28313546 bytes
->Java cache emptied: 12089958 bytes
->FireFox cache emptied: 94630443 bytes
->Google Chrome cache emptied: 262050340 bytes
->Flash cache emptied: 46594 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 150619 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64764 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1017534 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5064251 bytes
RecycleBin emptied: 1149782064 bytes
 
Total Files Cleaned = 1 549,00 mb
 
 
OTL by OldTimer - Version 3.2.24.0 log created on 06172011_111619

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\klsE1BF.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes
Znalazł robaka w explorer.exe, usunął bez problemu.
Raport:

Kod: Zaznacz cały

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Wersja bazy: 6875

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.11

2011-06-17 14:52:01
mbam-log-2011-06-17 (14-52-01).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowano obiektów: 230772
Upłynęło: 1 godzin(y), 37 minut(y), 35 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 0
Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
f:\EXPLORER.EXE (Password.Stealer) -> Quarantined and deleted successfully.

Strona WWW · Post17 cze 2011, 15:01

Naciśnij w OTL sprzątanie to go usunie, ale problem mam rozumieć nadal występuje??

Post17 cze 2011, 15:11

System wymagał ponownego uruchomienia.

Przez chwilę na pendrive były 4 pliki - oprócz explorer.exe.

Nadal - system Windows nie był w stanie dokończyć formatowania.

Po tym plik explorer.exe wrócił na pendrive.

Usuwanie pliku SPRAWOZDANIE.doc - to samo (nie można odnaleźć określonego pliku).

"Sprzątanie" w OTL wymaga kolejnego rebootu, nacisnęłam - log nic nie pokazał, uruchomię ponownie później.

Strona WWW · Post17 cze 2011, 15:17

Przeskanuj jeszcze wszytko dr webem:
http://www.hotfix.pl/infusions/pro_down ... --p128.htm

Post18 cze 2011, 10:01

4. Próbowałam formatować przez wiersz poleceń Start -> Uruchom -> cmd -> format f: Komunikat:
Nieprawidłowy nośnik lub uszkodzona ścieżka 0 - dysku nie można użyć.

Spróbuj formatowania z poziomu WinPE z wykorzystaniem narzędzia diskpart.
Instrukcja => Dostępne tylko dla zarejestrowanych użytkowników

Post18 cze 2011, 10:49

witam
poniżej link typowy do tego pendrive
Dostępne tylko dla zarejestrowanych użytkowników

pobierz program chipgenius
i pokaż co on odczytał

Dostępne tylko dla zarejestrowanych użytkowników