Problem z recysled\boot.com

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

podczas otwierania dysków wuświetla mi się C: \ recycled \ boot.com nie jest prawidłową aplikacją systemu Win 32

log po przeskanowaniu przez HijackThis wygląda tak :

http://wklej.eu/index.php?id=958f36907b

Dodane 04.08.2009 (Wt) 19:55

nie mam pojęcia co skasować by było dobrze, bardzo prosze o pomoc

Dodane 04.08.2009 (Wt) 19:58

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:00, on 2009-08-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\marlena\USTAWI~1\Temp\Katalog tymczasowy 5 dla HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM…\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM…\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [RemoteControl9] “C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe”

O4 - HKLM…\Run: [PDVD9LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe”

O4 - HKLM…\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Usługa Autoochrony w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

End of file - 5721 bytes

#2

Pisałem, że temat ma być w dziale z logami.

Logi wklejasz na wklej.org lub wklej.to, bo na wklej.eu się ciężko je czyta.

Zastosuj Flash Disinfector.

Fix w HiJackThis: ( Do a system scan only -> zaznaczasz pola przy podanych niżej wpisach -> Fix checked )

Pokaż log OTL.

#3

zrobiłam i nadal nie da się włączyć a log wygląda tak

http://wklej.org/id/130504/

#4

:slight_smile:

#5

OTL logfile created on: 2009-08-04 20:20:52 - Run 1

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\marlena\Pulpit

Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,42% Memory free

3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,79% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 43,04 Gb Free Space | 88,15% Space Free | Partition Type: NTFS

Drive D: | 208,45 Gb Total Space | 148,94 Gb Free Space | 71,45% Space Free | Partition Type: NTFS

Drive E: | 208,48 Gb Total Space | 152,14 Gb Free Space | 72,98% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CZORNO

Current User Name: marlena

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2006-12-18 15:34:36 | 00,868,352 | R— | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2006-07-13 07:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

PRC - [2002-11-03 22:49:39 | 00,188,416 | ---- | M] (HP) – C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

PRC - [2001-09-25 10:51:16 | 00,078,928 | ---- | M] (Symantec Corporation) – C:\Program Files\Norton AntiVirus\Navapw32.exe

PRC - [2009-04-27 20:41:58 | 00,087,336 | ---- | M] (CyberLink Corp.) – C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2009-05-07 21:05:44 | 00,075,048 | ---- | M] (cyberlink) – C:\Program Files\Cyberlink\Shared Files\brs.exe

PRC - [2004-08-04 00:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) – C:\Program Files\Messenger\msmsgs.exe

PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2001-09-25 10:51:38 | 00,115,792 | ---- | M] (Symantec Corporation) – C:\Program Files\Norton AntiVirus\navapsvc.exe

PRC - [2006-08-11 15:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009-04-27 18:22:34 | 00,271,760 | ---- | M] () – C:\Program Files\CyberLink\Shared files\RichVideo.exe

PRC - [2009-02-26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe

PRC - [2006-03-02 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2009-08-04 20:20:13 | 00,514,048 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\marlena\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006-03-02 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])

SRV - [2001-09-25 10:51:38 | 00,115,792 | ---- | M] (Symantec Corporation) – C:\Program Files\Norton AntiVirus\navapsvc.exe – (navapsvc [Auto | Running])

SRV - [2006-08-11 15:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\nvsvc32.exe – (NVSvc [Auto | Running])

SRV - [2009-04-27 18:22:34 | 00,271,760 | ---- | M] () – C:\Program Files\CyberLink\Shared files\RichVideo.exe – (RichVideo [Auto | Running])

SRV - [2001-08-13 23:18:36 | 00,054,408 | ---- | M] (Symantec Corporation) – C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe – (SBService [Auto | Stopped])

SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe – (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007-01-16 03:09:06 | 00,293,888 | R— | M] (Analog Devices, Inc.) – C:\WINDOWS\System32\drivers\ADIHdAud.sys – (ADIHdAudAddService [On_Demand | Running])

DRV - [2006-08-07 00:57:30 | 00,093,952 | R— | M] (Andrea Electronics Corporation) – C:\WINDOWS\System32\drivers\AEAudio.sys – (AEAudio [On_Demand | Running])

DRV - [2004-10-27 15:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\DRIVERS\HDAudBus.sys – (HDAudBus [On_Demand | Running])

DRV - [2006-02-07 13:52:58 | 00,006,912 | R— | M] (JMicron ) – C:\WINDOWS\system32\DRIVERS\JGOGO.sys – (JGOGO [boot | Running])

DRV - [2006-10-30 05:31:58 | 00,043,648 | R— | M] (JMicron Technology Corp.) – C:\WINDOWS\system32\DRIVERS\jraid.sys – (JRAID [boot | Running])

DRV - [2004-08-13 04:56:20 | 00,005,810 | R— | M] () – C:\WINDOWS\System32\DRIVERS\ASACPI.sys – (MTsensor [On_Demand | Running])

DRV - [2001-08-03 19:22:00 | 00,182,896 | ---- | M] () – C:\WINDOWS\System32\Drivers\NAVAP.SYS – (NAVAP [On_Demand | Running])

DRV - [2009-07-29 10:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) – C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVENG.SYS – (NAVENG [On_Demand | Running])

DRV - [2009-07-29 10:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) – C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVEX15.SYS – (NAVEX15 [On_Demand | Running])

DRV - [2006-08-11 15:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\nv4_mini.sys – (nv [On_Demand | Running])

DRV - [2006-08-21 12:24:28 | 00,105,344 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\system32\DRIVERS\nvata.sys – (nvata [boot | Running])

DRV - [2006-09-11 13:45:36 | 00,057,856 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\NVENETFD.sys – (NVENETFD [On_Demand | Running])

DRV - [2006-09-11 13:45:38 | 00,019,968 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\nvnetbus.sys – (nvnetbus [On_Demand | Running])

DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])

DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20 [boot | Running])

DRV - [2006-03-02 14:00:00 | 00,027,440 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])

DRV - [2006-03-17 11:18:58 | 00,392,960 | R— | M] (Sensaura) – C:\WINDOWS\System32\drivers\Senfilt.sys – (SenFiltService [On_Demand | Running])

DRV - [2001-08-15 15:20:44 | 00,057,696 | ---- | M] (Symantec Corporation) – C:\Program Files\Symantec\SYMEVENT.SYS – (SymEvent [On_Demand | Running])

DRV - [2001-08-06 12:10:20 | 00,014,120 | ---- | M] (Symantec Corporation) – C:\WINDOWS\System32\Drivers\SYMREDRV.SYS – (SYMREDRV [On_Demand | Running])

DRV - [2001-08-06 12:10:24 | 00,131,040 | ---- | M] (Symantec Corporation) – C:\WINDOWS\System32\Drivers\SYMTDI.SYS – (SYMTDI [Auto | Running])

DRV - [2008-09-26 17:06:24 | 00,032,048 | ---- | M] (Windows ® 2000 DDK provider) – C:\WINDOWS\System32\DRIVERS\UimBus.sys – (UimBus [system | Running])

DRV - [2008-09-26 17:06:24 | 00,129,824 | ---- | M] (Paragon) – C:\WINDOWS\System32\Drivers\Uim_IM.sys – (Uim_IM [system | Running])

DRV - [2009-05-07 21:05:22 | 00,087,536 | ---- | M] (CyberLink Corp.) – C:\Program Files\CyberLink\PowerDVD9\000.fcl – ({B154377D-700F-42cc-9474-23858FBDF4BD} [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O3 - HKLM…\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O3 - HKLM…\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKCU…\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

O3 - HKCU…\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)

O3 - HKCU…\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O3 - HKCU…\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM…\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)

O4 - HKLM…\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM…\Run: [NAV Agent] C:\Program Files\Norton AntiVirus\Navapw32.exe (Symantec Corporation)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM…\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKCU…\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU…\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-08 17:33:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2009-07-20 11:35:56 | 00,000,255 | RHS- | M] () - C:\autorun.inf – [NTFS]

O32 - AutoRun File - [2009-07-20 11:35:56 | 00,000,255 | RHS- | M] () - D:\autorun.inf – [NTFS]

O32 - AutoRun File - [2009-07-20 11:35:56 | 00,000,255 | RHS- | M] () - E:\autorun.inf – [NTFS]

O33 - MountPoints2{23a7a601-5450-11de-9a78-806d6172696f}\Shell - “” = AutoRun

O33 - MountPoints2{23a7a601-5450-11de-9a78-806d6172696f}\Shell\AutoRun\command - “” = F:\Setup.exe – File not found

O33 - MountPoints2{c6166602-6fb6-11de-ba96-001d6088aa5b}\Shell - “” = AutoRun

O33 - MountPoints2{c6166602-6fb6-11de-ba96-001d6088aa5b}\Shell\Open\command - “” = "r

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS*.tmp files]

[2009-08-04 20:20:12 | 00,514,048 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\marlena\Pulpit\OTL.exe

[2009-08-04 20:16:04 | 00,132,597 | ---- | C] () – C:\Flash_Disinfector.exe

[2009-08-04 19:27:12 | 00,318,369 | ---- | C] () – C:\HiJackThis.zip

[2009-07-28 17:51:29 | 00,809,144 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\index.pdf

[2009-07-28 17:47:45 | 00,009,730 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\Czerniecka.jpg

[2009-07-25 15:43:11 | 00,663,832 | ---- | C] () – C:\gamingharbor_installer.exe

[2009-07-20 10:26:42 | 00,000,255 | RHS- | C] () – C:\autorun.inf

[2009-07-20 10:26:42 | 00,000,000 | RHSD | C] – C:\resycled

[2009-07-14 11:23:57 | 00,001,162 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\Marlena Czerniecka.jpg

[2009-07-11 07:59:09 | 00,000,000 | —D | C] – C:\WINDOWS\Minidump

[2009-07-08 19:03:37 | 00,019,968 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\rzeczywistość.doc

[2009-07-06 09:21:50 | 00,030,453 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\deklaracja_oplat_semestralna.pdf

[2009-07-06 09:21:44 | 00,032,048 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\deklaracja_oplat_miesiecznych.pdf

[2009-07-06 09:14:53 | 00,064,925 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\karta_zgloszenia.pdf

[2009-07-06 09:11:27 | 00,047,059 | ---- | C] () – C:\Documents and Settings\marlena\Pulpit\podanie_lic_inz.pdf

[2009-06-08 18:18:44 | 00,164,352 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-06-08 18:18:44 | 00,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2009-06-08 18:18:43 | 00,755,027 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-06-08 18:18:43 | 00,159,839 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-06-08 18:18:42 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2009-06-08 18:18:41 | 00,057,344 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2009-06-08 18:18:41 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-06-08 18:16:54 | 00,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-06-08 17:49:24 | 00,000,804 | R— | C] () – C:\WINDOWS\System32\AsusSetup.ini

[2009-06-08 17:49:24 | 00,000,396 | R— | C] () – C:\WINDOWS\System32\raidmgmt.ini

[2009-06-08 17:39:34 | 00,005,810 | R— | C] () – C:\WINDOWS\System32\drivers\ASACPI.sys

[2009-06-08 17:39:33 | 00,032,861 | ---- | C] () – C:\WINDOWS\Ascd_tmp.ini

[2009-06-08 17:39:17 | 00,010,288 | ---- | C] () – C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-08-11 15:45:20 | 00,581,632 | ---- | C] () – C:\WINDOWS\System32\nvhwvid.dll

[2006-08-11 15:43:10 | 00,196,608 | ---- | C] () – C:\WINDOWS\System32\nvapi.dll

[2006-08-11 15:43:00 | 01,662,976 | ---- | C] () – C:\WINDOWS\System32\nvwdmcpl.dll

[2006-08-11 15:43:00 | 01,470,464 | ---- | C] () – C:\WINDOWS\System32\nview.dll

[2006-08-11 15:43:00 | 01,019,904 | ---- | C] () – C:\WINDOWS\System32\nvwimg.dll

[2006-08-11 15:43:00 | 00,466,944 | ---- | C] () – C:\WINDOWS\System32\nvshell.dll

[2006-08-11 15:43:00 | 00,286,720 | ---- | C] () – C:\WINDOWS\System32\nvnt4cpl.dll

[2006-03-02 14:00:00 | 00,081,920 | ---- | C] () – C:\WINDOWS\System32\ieencode.dll

[2006-03-02 14:00:00 | 00,027,440 | ---- | C] () – C:\WINDOWS\System32\drivers\secdrv.sys

[2006-03-02 14:00:00 | 00,000,573 | ---- | C] () – C:\WINDOWS\win.ini

[2006-03-02 14:00:00 | 00,000,231 | ---- | C] () – C:\WINDOWS\system.ini

[2001-08-03 19:22:00 | 00,182,896 | ---- | C] () – C:\WINDOWS\System32\drivers\NAVAP.SYS

[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32*.tmp files]

[4 C:\WINDOWS*.tmp files]

[2009-08-04 20:20:13 | 00,514,048 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\marlena\Pulpit\OTL.exe

[2009-08-04 20:16:04 | 00,132,597 | ---- | M] () – C:\Flash_Disinfector.exe

[2009-08-04 20:10:11 | 00,081,191 | ---- | M] () – C:\WINDOWS\System32\nvapps.xml

[2009-08-04 20:10:11 | 00,000,416 | ---- | M] () – C:\WINDOWS\tasks\Symantec NetDetect.job

[2009-08-04 20:10:10 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2009-08-04 20:10:09 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2009-08-04 20:09:23 | 03,730,720 | -H-- | M] () – C:\Documents and Settings\marlena\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-08-04 19:27:12 | 00,318,369 | ---- | M] () – C:\HiJackThis.zip

[2009-07-28 17:51:29 | 00,809,144 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\index.pdf

[2009-07-28 11:05:30 | 00,009,730 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\Czerniecka.jpg

[2009-07-25 15:43:11 | 00,663,832 | ---- | M] () – C:\gamingharbor_installer.exe

[2009-07-25 08:42:20 | 00,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2009-07-20 11:35:56 | 00,000,255 | RHS- | M] () – C:\autorun.inf

[2009-07-18 22:10:30 | 00,009,216 | ---- | M] () – C:\Documents and Settings\marlena\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-07-14 11:23:57 | 00,001,162 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\Marlena Czerniecka.jpg

[2009-07-08 19:03:37 | 00,019,968 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\rzeczywistość.doc

[2009-07-06 09:23:37 | 00,000,516 | ---- | M] () – C:\hpfr3420.xml

[2009-07-06 09:21:50 | 00,030,453 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\deklaracja_oplat_semestralna.pdf

[2009-07-06 09:21:44 | 00,032,048 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\deklaracja_oplat_miesiecznych.pdf

[2009-07-06 09:14:53 | 00,064,925 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\karta_zgloszenia.pdf

[2009-07-06 09:11:27 | 00,047,059 | ---- | M] () – C:\Documents and Settings\marlena\Pulpit\podanie_lic_inz.pdf

========== LOP Check ==========

[2009-06-29 12:08:47 | 00,000,000 | RH-D | M] – C:\Documents and Settings\All Users\Dane aplikacji

[2009-06-28 22:04:58 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\3ABB

[2009-06-26 20:28:53 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2009-06-10 16:49:56 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Last.fm

[2009-06-26 20:17:22 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Temp

[2009-06-28 22:04:53 | 00,000,000 | RH-D | M] – C:\Documents and Settings\marlena\Dane aplikacji

[2009-06-26 20:28:49 | 00,000,000 | —D | M] – C:\Documents and Settings\marlena\Dane aplikacji\CyberLink

[2009-06-11 20:35:47 | 00,000,000 | —D | M] – C:\Documents and Settings\marlena\Dane aplikacji\Gadu-Gadu

[2009-06-10 10:48:06 | 00,000,000 | —D | M] – C:\Documents and Settings\marlena\Dane aplikacji\Nowe Gadu-Gadu

[2009-06-09 21:57:31 | 00,000,000 | —D | M] – C:\Documents and Settings\marlena\Dane aplikacji\Opera

[2006-03-02 14:00:00 | 00,000,065 | RH-- | M] () – C:\WINDOWS\Tasks\desktop.ini

[2009-08-04 20:10:10 | 00,000,006 | -H-- | M] () – C:\WINDOWS\Tasks\SA.DAT

[2009-08-04 20:10:11 | 00,000,416 | ---- | M] () – C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========

< End of report >

Dodane 04.08.2009 (Wt) 20:26

i przepraszam ,że tak chaotycznie ale od kiedy mam nowy komputer mam z nim o wiele wiecej problemow niz z tym starym

#6

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link !!

W Custom Scans/Fixes w OTL wklej:

Run Fix. Restart, jeśli będzie potrzebny.

Po tym log z usuwania oraz nowy OTL.txt.

#7

zresetował się , po włączeniu wyskoczyła notka :

http://wklej.org/id/130519/

#8

Wszystko się udało. :slight_smile:

Zastosuj Flash Disinfector, jeśli go jeszcze nie stosowałaś.

W OTL kliknij CleanUp.

Wyczyść rejestr i dysk CCleaner.

Usuń zbędniki z autostartu.

Wykonaj pełny skan DR WEB CureIt.

Gdy będą wirusy pokaż raport.

#9

ten flash zastosowałam już wcześniej, za Twoją poradą :slight_smile: bardzo dziękuję!bałam się,że to coś poważnego i nie do usunięcia…:stuck_out_tongue: