Infected USB flash drive
  1. #1
    User martaa1404
    Joined
    04.05.2011
    Location
    Częstochowa
    Posts
    14
    Threads
    2
    Reputation power
    3

    Infected USB flash drive

    Hello, I have a problem with my USB flash drive.

    The situation is as follows:
    Shortcuts to my folders on the flash drive have appeared, and they cannot be opened because a message says that kqluegx.exe or kqluegx.scr cannot be found. In addition, shortcuts to my videos, my documents and passwords.txt have been created. I probably don't need to mention that this drive holds files that are very important to me.
    I ran a Malwarebytes scan; it found 4 pieces of malware and removed them, but the problem is still there. I turned on the option to show hidden files and folders, after which all my files showed up on the flash drive, and I can open them without any problem.
    I also ran an OTL scan, but I don't know anything about this, so if someone could tell me what to do next I would be very grateful.

    Here are the OTL logs:

    Code:
    OTL logfile created on: 2011-10-08 14:52:36 - Run 1
    OTL by OldTimer - Version 3.2.29.1     Folder = C:\Documents and Settings\Marta\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
     
    1023,49 Mb Total Physical Memory | 372,77 Mb Available Physical Memory | 36,42% Memory free
    2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,41% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,07 Gb Total Space | 0,31 Gb Free Space | 1,62% Space Free | Partition Type: NTFS
    Drive D: | 19,07 Gb Total Space | 7,28 Gb Free Space | 38,17% Space Free | Partition Type: NTFS
    Drive H: | 3,73 Gb Total Space | 1,19 Gb Free Space | 31,96% Space Free | Partition Type: FAT32
     
    Computer Name: DARKEDITION | User Name: Marta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2011-10-08 14:51:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marta\My Documents\Downloads\OTL.exe
    PRC - [2011-10-01 01:38:03 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011-04-26 08:57:54 | 008,989,184 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
    PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009-10-14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009-10-14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009-10-07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009-02-24 14:00:00 | 001,641,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008-05-01 19:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2006-10-05 15:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
    PRC - [2004-09-19 07:27:46 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
    PRC - [2001-12-20 03:37:32 | 000,124,416 | R--- | M] (Avance Logic, Inc.) -- C:\WINDOWS\soundman.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2011-10-08 11:01:30 | 001,596,416 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100800\algo.dll
    MOD - [2011-10-06 11:55:24 | 000,212,640 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100800\aswRep.dll
    MOD - [2011-10-01 01:38:02 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppgooglenaclpluginchrome.dll
    MOD - [2011-10-01 01:38:00 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
    MOD - [2011-10-01 01:37:30 | 000,352,824 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\Locales\pl.dll
    MOD - [2011-10-01 01:36:24 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avutil-51.dll
    MOD - [2011-10-01 01:36:23 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avformat-53.dll
    MOD - [2011-10-01 01:36:22 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\avcodec-53.dll
    MOD - [2011-09-30 23:07:32 | 006,338,720 | ---- | M] () -- C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    MOD - [2011-04-07 12:33:30 | 000,890,368 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll
    MOD - [2010-12-22 11:24:48 | 000,574,464 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll
    MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll
    MOD - [2009-10-14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009-10-14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
    MOD - [2009-02-24 14:00:00 | 001,532,416 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2009-02-24 14:00:00 | 000,394,240 | ---- | M] () -- C:\WINDOWS\system32\HMTCD.dll
    MOD - [2009-02-24 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2009-02-24 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008-05-01 19:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    MOD - [2008-05-01 19:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2006-10-05 15:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
    MOD - [2006-08-17 07:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2004-09-19 07:27:46 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
    MOD - [2004-09-19 07:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\LClock\LC.dll
    MOD - [2004-09-19 07:27:32 | 000,081,920 | ---- | M] () -- C:\Program Files\LClock\Calendar.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Disabled | Stopped] --  -- (HidServ)
    SRV - [2011-05-03 17:10:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009-10-07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009-10-07 10:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009-10-07 10:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
    DRV - [2009-10-07 10:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009-10-07 10:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009-10-07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009-02-24 14:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2009-02-24 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2009-02-24 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2008-04-13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2001-12-20 03:37:32 | 000,243,164 | R--- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
    DRV - [2001-12-19 06:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom)
    DRV - [2001-12-13 07:57:00 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
    DRV - [2001-10-18 06:00:00 | 000,006,144 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys -- (ViaIde)
    DRV - [2001-08-23 21:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation                                                ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2001-08-17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
     
     
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
     
    IE - HKU\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1844237615-152049171-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1844237615-152049171-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
     
     
    [2010-12-13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Facemoods = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
    CHR - Extension: AT_ScottDraves = C:\Documents and Settings\Marta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lefeecbpfmnmdoajflbekahgnbcjihcc\2_0\
     
    O1 HOSTS File: ([2009-02-24 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
    O4 - HKU\S-1-5-21-1844237615-152049171-839522115-1003..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.1 212.87.224.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C806BDA-A7C3-478D-BCAA-DAC55E4412AE}: DhcpNameServer = 192.168.4.1 212.87.224.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Marta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011-04-30 07:42:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: HidServ -  File not found
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2011-10-08 14:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Application Data\Malwarebytes
    [2011-10-08 14:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-10-08 14:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011-10-08 14:11:42 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-10-07 19:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011-10-06 20:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Desktop\HTML
    [2011-09-27 18:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Desktop\obrobione
    [2011-09-26 18:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Desktop\kaczka
    [2011-09-25 17:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Application Data\Google
    [2011-09-23 20:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\kED
    [2011-09-19 23:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marta\Desktop\nowee
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2011-10-08 14:49:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1004UA.job
    [2011-10-08 14:33:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1003UA.job
    [2011-10-08 14:29:56 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011-10-08 14:29:44 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011-10-08 14:29:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-10-08 14:29:18 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
    [2011-10-08 14:11:47 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Marta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011-10-08 14:11:47 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-10-08 14:08:02 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011-10-08 12:56:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011-10-08 12:56:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011-10-07 21:33:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1003Core.job
    [2011-10-07 19:49:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1004Core.job
    [2011-10-07 19:31:14 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011-10-06 20:51:25 | 000,029,328 | ---- | M] () -- C:\Documents and Settings\Marta\.recently-used.xbel
    [2011-10-06 19:27:52 | 000,056,417 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\czerowny button.xcf
    [2011-10-04 20:12:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-10-03 17:41:00 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\Google Chrome.lnk
    [2011-10-03 17:41:00 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Marta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011-10-02 08:59:37 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011-09-26 17:59:30 | 000,057,763 | ---- | M] () -- C:\WINDOWS\FontData.fdb
    [2011-09-26 17:58:13 | 000,021,704 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\legitymacja IId mk.cdr
    [2011-09-25 16:33:30 | 000,752,137 | ---- | M] () -- C:\Documents and Settings\Marta\My Documents\d1ff5dff873af0ab47315da21371093f.png
    [2011-09-23 20:56:54 | 000,343,307 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\eng.png
    [2011-09-23 20:48:16 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\angielski.html
    [2011-09-23 20:44:00 | 001,219,120 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\welcome2.xcf
    [2011-09-23 20:44:00 | 001,219,120 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\welcome1.xcf
    [2011-09-08 20:28:01 | 001,871,653 | ---- | M] () -- C:\Documents and Settings\Marta\Desktop\Ray Charles - Hit the road, Jack [zapiska.pl].mp3
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2011-10-08 14:11:47 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Marta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011-10-08 14:11:47 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-10-07 19:31:14 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011-10-06 20:51:25 | 000,029,328 | ---- | C] () -- C:\Documents and Settings\Marta\.recently-used.xbel
    [2011-10-06 19:27:52 | 000,056,417 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\czerowny button.xcf
    [2011-09-26 17:59:21 | 000,057,763 | ---- | C] () -- C:\WINDOWS\FontData.fdb
    [2011-09-26 17:58:14 | 000,021,704 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\legitymacja IId mk.cdr
    [2011-09-25 17:03:40 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011-09-25 17:03:39 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011-09-25 16:33:47 | 000,752,137 | ---- | C] () -- C:\Documents and Settings\Marta\My Documents\d1ff5dff873af0ab47315da21371093f.png
    [2011-09-23 21:28:45 | 001,219,120 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\welcome2.xcf
    [2011-09-23 20:56:53 | 000,343,307 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\eng.png
    [2011-09-23 20:48:16 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\angielski.html
    [2011-09-23 20:44:00 | 001,219,120 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\welcome1.xcf
    [2011-09-08 20:23:36 | 001,871,653 | ---- | C] () -- C:\Documents and Settings\Marta\Desktop\Ray Charles - Hit the road, Jack [zapiska.pl].mp3
    [2011-05-14 09:42:22 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011-05-04 10:00:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011-04-30 14:27:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011-04-30 14:24:08 | 001,651,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-04-30 13:11:45 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2011-04-30 13:11:45 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2011-04-30 13:11:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2011-04-30 13:11:45 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2011-04-30 13:11:44 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2011-04-30 13:11:44 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2011-04-30 13:11:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2011-04-30 13:11:44 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2011-04-30 13:11:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2011-04-30 13:11:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2011-04-30 13:11:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2011-04-30 13:06:53 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2011-04-30 13:06:52 | 000,000,584 | R--- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2011-04-30 13:02:35 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\DeleteFiles.exe
    [2011-04-30 13:02:35 | 000,387,584 | ---- | C] () -- C:\WINDOWS\System32\LostRun.exe
    [2011-04-30 13:02:35 | 000,381,440 | ---- | C] () -- C:\WINDOWS\System32\Counter.exe
    [2011-04-30 13:02:35 | 000,351,232 | ---- | C] () -- C:\WINDOWS\System32\CheckPath.exe
    [2011-04-30 13:02:34 | 000,382,464 | ---- | C] () -- C:\WINDOWS\System32\Restart.exe
    [2011-04-30 13:02:34 | 000,374,784 | ---- | C] () -- C:\WINDOWS\System32\RunAP.exe
    [2011-04-30 13:02:34 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\Change.exe
    [2011-04-30 07:43:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011-04-30 07:42:39 | 000,001,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2011-04-30 07:37:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009-10-07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009-10-07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009-02-24 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2009-02-24 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2009-02-24 14:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
    [2009-02-24 14:00:00 | 000,308,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009-02-24 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2009-02-24 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2009-02-24 14:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
    [2009-02-24 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
    [2009-02-24 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2009-02-24 14:00:00 | 000,038,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009-02-24 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2009-02-24 14:00:00 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
    [2009-02-24 14:00:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
    [2009-02-24 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2009-02-24 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2009-02-24 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2009-02-24 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
     
    ========== LOP Check ==========
     
    [2011-05-01 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-05-15 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011-05-03 16:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
    [2011-08-13 21:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
    [2011-07-30 13:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Application Data\facemoods.com
    [2011-05-25 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Application Data\Gadu-Gadu 10
    [2011-10-02 08:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Application Data\go
    [2011-05-26 15:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Application Data\OpenFM
    [2011-04-30 20:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\CometPlayer
    [2011-05-27 18:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\EurekaLog
    [2011-08-16 14:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\facemoods.com
    [2011-05-07 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\Gadu-Gadu 10
    [2011-10-08 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\go
    [2011-10-06 20:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\gtk-2.0
    [2011-05-14 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\Leadertech
    [2011-05-06 12:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\OpenFM
    [2011-04-30 20:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\tigerplayer
    [2011-05-27 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marta\Application Data\VSRevoGroup
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
     
    < %systemdrive%\*.* >
    [2011-04-30 07:42:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011-04-30 07:33:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011-04-30 07:42:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011-10-08 14:29:18 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
    [2011-04-30 07:42:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011-04-30 07:42:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009-02-24 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009-02-24 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011-10-08 14:29:16 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    
    < End of report >
    Code:
    OTL Extras logfile created on: 2011-10-08 14:52:36 - Run 1
    OTL by OldTimer - Version 3.2.29.1     Folder = C:\Documents and Settings\Marta\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
     
    1023,49 Mb Total Physical Memory | 372,77 Mb Available Physical Memory | 36,42% Memory free
    2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,41% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,07 Gb Total Space | 0,31 Gb Free Space | 1,62% Space Free | Partition Type: NTFS
    Drive D: | 19,07 Gb Total Space | 7,28 Gb Free Space | 38,17% Space Free | Partition Type: NTFS
    Drive H: | 3,73 Gb Total Space | 1,19 Gb Free Space | 31,96% Space Free | Partition Type: FAT32
     
    Computer Name: DARKEDITION | User Name: Marta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
     
    [HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Find.Target] -- "explorer.exe" /select,"%1" (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
    "C:\Program Files\Gadu-Gadu 10\Gadu - gadu.exe" = C:\Program Files\Gadu-Gadu 10\Gadu - gadu.exe:*:Enabled:Gadu-Gadu 10
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    "C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger -- (Creative Team S.A.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D5219EC-BFF8-4B7F-AB92-6D827BB37CB0}" = Windows Live Messenger
    "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
    "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
    "{7EDFCB74-81C0-4FB6-9FDF-1BC7CD098638}" = Adobe InDesign CS3
    "{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
    "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
    "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
    "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
    "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
    "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
    "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
    "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
    "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
    "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
    "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
    "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
    "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C5096D00-8B9C-41DB-8472-9D721E982DF0}" = Podstawowe programy Windows Live
    "{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3
    "AQQ" = WapSter AQQ
    "CPLBonus" = Kels' CPL Bonus Pack!
    "Ěî˙ ďđîăđŕěěŕ_is1" = Ěî˙ ďđîăđŕěěŕ 1.5
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Gadu-Gadu 10" = Gadu-Gadu 10
    "JDownloader" = JDownloader
    "kED_is1" = kED 2.1.4.0
    "LClock" = LClock
    "lvdrivers_12.10" = Pakiet sterowników: Logitech Webcam Software
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300
    "MpcStar" = MpcStar 4.9
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "Revo Uninstaller" = Revo Uninstaller 1.88
    "VDrive" = Vista Drive Indicator!
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinLiveSuite_Wave3" = Podstawowe programy Windows Live
    "WinRAR archiver" = Archiwizator WinRAR
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Detektor Winampa
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 2011-05-09 02:37:44 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-09 02:38:26 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-09 02:39:06 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-09 02:39:46 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-09 06:12:39 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-11 03:48:53 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd csi-miami.exe, wersja 9.0.0.383, moduł powodujący
     błąd binkw32.dll, wersja 1.5.21.0, adres błędu 0x00026e59.
     
    Error - 2011-05-25 14:10:19 | Computer Name = DARKEDITION | Source = EventSystem | ID = 4621
    Description = System zdarzeń modelu COM+ nie mógł usunąć obiektu EventSystem.EventSubscription
     {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
     HRESULT 8007000
     
    Error - 2011-05-25 14:41:57 | Computer Name = DARKEDITION | Source = EventSystem | ID = 4621
    Description = System zdarzeń modelu COM+ nie mógł usunąć obiektu EventSystem.EventSubscription
     {45233130-B6C3-44FB-A6AF-487C47CEE611}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
     HRESULT 8007000
     
    Error - 2011-07-25 05:11:13 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący
     błąd gcswf32.dll, wersja 10.3.181.35, adres błędu 0x00191952.
     
    Error - 2011-08-07 06:06:14 | Computer Name = DARKEDITION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd skype.exe, wersja 4.2.0.169, moduł powodujący
     błąd kernel32.dll, wersja 5.1.2600.5719, adres błędu 0x00012aeb.
     
    [ System Events ]
    Error - 2011-09-19 12:24:17 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-09-20 04:43:06 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7009
    Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
     z usługą Application Layer Gateway Service.
     
    Error - 2011-09-20 04:43:06 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi Application Layer Gateway Service z powodu
     następującego błędu:   %%1053
     
    Error - 2011-09-23 03:33:01 | Computer Name = DARKEDITION | Source = sr | ID = 1
    Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
     podczas przetwarzania pliku 'desktop.ini' w woluminie 'HarddiskVolume1'. W rezultacie
     zostało zatrzymane monitorowanie woluminu.
     
    Error - 2011-09-24 04:27:39 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-09-25 07:00:35 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-09-26 12:49:25 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-09-28 12:52:52 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-10-03 10:35:21 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
    Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
     Wystąpiło to razy: 1.
     
    Error - 2011-10-04 14:14:50 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7011
    Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji
     z usługi NVSvc.
     
     
    < End of report >
    And from Malwarebytes:

    Code:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    
    Wersja bazy: 7900
    
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512
    
    2011-10-08 14:26:53
    mbam-log-2011-10-08 (14-26-53).txt
    
    Typ skanowania: Szybkie skanowanie
    Przeskanowano obiektów: 1641
    Upłynęło: 3 minut(y), 52 sekund(y)
    
    Zainfekowanych procesów w pamięci: 0
    Zainfekowanych modułów w pamięci: 0
    Zainfekowanych kluczy rejestru: 0
    Zainfekowanych wartości rejestru: 0
    Zainfekowane informacje rejestru systemowego: 0
    Zainfekowanych folderów: 0
    Zainfekowanych plików: 4
    
    Zainfekowanych procesów w pamięci:
    (Nie znaleziono zagrożeń)
    
    Zainfekowanych modułów w pamięci:
    (Nie znaleziono zagrożeń)
    
    Zainfekowanych kluczy rejestru:
    (Nie znaleziono zagrożeń)
    
    Zainfekowanych wartości rejestru:
    (Nie znaleziono zagrożeń)
    
    Zainfekowane informacje rejestru systemowego:
    (Nie znaleziono zagrożeń)
    
    Zainfekowanych folderów:
    (Nie znaleziono zagrożeń)
    
    Zainfekowanych plików:
    h:\bycfht.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    h:\kqlueg.exe (Worm.VB) -> Quarantined and deleted successfully.
    h:\x.exe (Worm.VB) -> Quarantined and deleted successfully.
    h:\kqlueg.scr (Worm.VB) -> Quarantined and deleted successfully.

  2. #2
    ChceBycModem
    Guest

    Re: Infected pendrive

    Use ComboFix. It has helped me in more than one situation.

  3. #3
    User
    Thread starter
    Avatar martaa1404
    Joined
    04.05.2011
    Lives in
    Częstochowa
    Posts
    14
    Threads
    2
    Reputation power
    3

    Re: Infected pendrive

    I read somewhere on some site that ComboFix is for more advanced users who know what they are doing... and my knowledge of virus removal is limited to running a scan with Malwarebytes or with that oh-so-poor program with the charming name avast. I have never come across such a bizarre virus and I am completely green on these topics...

  4. #4
    ChceBycModem
    Guest

    Re: Infected pendrive

    Use it.
    Code:
    http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix
    Here you go. From this link you can download it (the official CF page) and learn how to use it, but I will sum it up in a few points:
    1. Plug in the pendrive. (after all, that is what we want to cure, isn't it?)
    2. Turn off Avast! It won't work without that.
    3. CF will offer to install the Recovery Console. (In case of an accident, it will come in handy! Besides, if it turns out to be something more, it will tell you to install it anyway)
    4. Once the pop-up windows stop appearing, LEAVE the computer alone: DO NOT MOVE THE MOUSE AND DO NOT EVEN TOUCH THE KEYBOARD. (sorry about this, but if you do something like that, there is a chance you will end up using the console)
    5. When it finishes, it will want to restart the computer (I think, I don't remember). Notepad will pop up with the log. Post it the same way as the OTL log.
    6. Check whether the pendrive has been fixed.

    If everything works, write back; if not, write back too.

    P.S.
    Note: when run, ComboFix will automatically delete all files from the following locations:

    • Recycle Bin
    • Temporary Internet Files folder
    • Temp folder

    so don't be surprised if it deletes something of yours
    Last edited by ChceBycModem; 11.10.2011 at 07:25

  5. #5
    User
    Thread starter
    Avatar martaa1404

    Re: Infected pendrive

    Sorry for not writing for so long, but I had some minor problems.

    So here is my method (done in a bit of a roundabout way, but it is still something)

    I chickened out of using ComboFix, but a computer running Mac OS X came to my rescue.
    As everyone knows, there are supposedly no viruses there (for now), so I copied all the hidden folders to the disk, deleted the viruses and those folder shortcuts by hand, then formatted the pendrive and put my folders and files back on it, and everything is OK.

    Thank you for the help all the same.
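
    The manual cleanup described in post #5 can be preceded by a read-only check of the drive's root; the script below is an added example, not part of the original thread. Its function names and the constructed sample directory are assumptions, and the string scan of `.lnk` files is a heuristic rather than a full Shell Link parser.

```python
"""Read-only triage of a removable drive for the folder-shortcut worm pattern."""
import json
import os
import re
import sys
import tempfile

# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
FILE_ATTRIBUTE_HIDDEN = 0x2  # only exposed by os.stat() on Windows

_ASCII_RUN = re.compile(rb"[\x20-\x7e]{5,}")
_UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")
_EXEC_NAME = re.compile(
    r'([^\\/:*?"<>|\s]+\.(?:exe|scr|com|pif|bat|cmd))(?![\w.])', re.I)


def referenced_executables(data):
    """Heuristic: executable names in the shortcut's ASCII / UTF-16LE strings."""
    texts = [m.group().decode("ascii") for m in _ASCII_RUN.finditer(data)]
    texts += [m.group().decode("utf-16-le") for m in _UTF16_RUN.finditer(data)]
    return sorted({n.lower() for t in texts for n in _EXEC_NAME.findall(t)})


def triage_drive(root):
    """Inspect only the root of `root`; nothing is modified or deleted."""
    with os.scandir(root) as it:
        entries = sorted(it, key=lambda e: e.name.lower())
    folders = {e.name.lower() for e in entries if e.is_dir()}
    files = {e.name.lower() for e in entries if e.is_file()}
    report = {"shortcuts": [], "root_executables": [],
              "hidden_folders": [], "targets_not_on_drive": []}
    wanted = set()
    for e in entries:
        stem, ext = os.path.splitext(e.name.lower())
        if e.is_dir():
            attrs = getattr(e.stat(), "st_file_attributes", 0)
            if attrs & FILE_ATTRIBUTE_HIDDEN:
                report["hidden_folders"].append(e.name)
        elif ext == ".lnk":
            with open(e.path, "rb") as fh:
                data = fh.read(65536)
            targets = referenced_executables(data)
            shadows = stem in folders  # shortcut named like a real folder
            if shadows or targets:
                report["shortcuts"].append({
                    "name": e.name,
                    "shadows_folder": shadows,
                    "valid_header": data.startswith(LNK_MAGIC),
                    "targets": targets,
                })
                wanted.update(targets)
        elif ext in EXEC_EXTS:
            report["root_executables"].append(e.name)
    # Shortcuts pointing at a file that is gone explain the "cannot find
    # kqluegx.exe" message that appears after a scanner removed the payload.
    report["targets_not_on_drive"] = sorted(wanted - files)
    return report


def build_constructed_sample(root):
    """Constructed test data: dummy bytes only, no real malware or shortcuts."""
    for folder in ("Photos", "Docs"):
        os.mkdir(os.path.join(root, folder))
    pad = b"\x00" * 56
    samples = {
        "Photos.lnk": LNK_MAGIC + pad + "H:\\kqluegx.exe".encode("utf-16-le"),
        "Docs.lnk": LNK_MAGIC + pad + b"H:\\kqluegx.scr\x00",
        "x.exe": b"MZ-constructed-placeholder",
        "notes.txt": b"ordinary file",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


def demo():
    """Run the triage over the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        return triage_drive(root)


if __name__ == "__main__":
    result = triage_drive(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(json.dumps(result, indent=2))
```

    Run it with the drive's mount point as the only argument; hidden folders are reported only on Windows, where the attribute is visible to `os.stat()`.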

  6. #6
    Moderator Avatar cross099
    Joined
    06.09.2008
    Lives in
    Somewhere far away... On the planet of Music and Computer Science
    Posts
    1,290
    Threads
    40
    Reputation power
    18

    Re: Infected pendrive

    At the user's request, I am closing the thread.

    If I helped, give rep+. Thanks in advance :-)
    Regards, Dj Tideno