wojtasss, posted September 12, 2009
Hello, I bought a new external drive and would like to copy my important files onto it and format the rest. Unfortunately, these files are infected. What should I scan them with so that they are completely clean after being moved to the new drive?
MarekM25, commented September 12, 2009
Can you say more specifically what kind of files they are?
MarekM25, commented September 12, 2009
Maybe let me put it this way: what viruses does it detect, and in which locations?
wojtasss (Author), commented September 12, 2009
I don't know which viruses, because I don't have an antivirus, hence my question: what should I scan the files with to be sure that they will be absolutely free of any viruses?
MarekM25, commented September 13, 2009
If there are only a few files (meaning a handful), scan them one by one on VirusTotal; if there are many, do what the previous poster said. Besides that, post a log from OTListIt2.
wojtasss (Author), commented September 14, 2009
OTL logfile created on: 2009-09-13 11:40:13 - Run 1 OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Wojtek\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,38% Memory free 3,85 Gb Paging File | 3,50 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,30 Gb Total Space | 6,89 Gb Free Space | 23,53% Space Free | Partition Type: NTFS Drive D: | 268,79 Gb Total Space | 78,81 Gb Free Space | 29,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WOJTEK-33544FE6 Current User Name: Wojtek Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-12-18 15:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2006-07-13 07:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.)
-- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe PRC - [2006-10-27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007-02-12 12:23:18 | 01,620,480 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\InCD\NBHGui.exe PRC - [2007-02-12 12:19:46 | 01,050,112 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\InCD\InCD.exe PRC - [2009-05-14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- D:\Program Files\NOD\egui.exe PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) -- D:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- D:\Program Files\DAEMON Tools Pro\DTProAgent.exe PRC - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- D:\Program Files\NOD\ekrn.exe PRC - [2007-02-12 12:18:50 | 00,924,160 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\InCD\InCDsrv.exe PRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () -- D:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-09-11 16:37:37 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Firefox\firefox.exe PRC - [2009-02-12 14:22:42 | 03,116,544 | ---- | M] () -- D:\Program Files\Strong DC++\sdc222\StrongDC.exe PRC - [2009-09-13 11:39:19 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Moje dokumenty\Pobieranie\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- 
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-05-14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- D:\Program Files\NOD\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- D:\Program Files\NOD\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009-06-17 18:39:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ef6a2faf1046 [Auto | Stopped]) SRV - [2009-06-17 18:38:33 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2007-02-12 12:18:50 | 00,924,160 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running]) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2007-01-05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- D:\Program Files\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-12-23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2007-01-16 03:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running]) DRV - [2006-08-07 00:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running]) DRV - [2009-05-14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2009-05-14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running]) DRV - [2009-05-14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running]) DRV - [2009-08-06 22:48:40 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running]) DRV - [2004-10-27 15:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-02-12 12:14:42 | 00,112,384 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running]) DRV - [2007-02-12 12:17:24 | 00,031,360 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [system | Running]) DRV - [2007-02-12 12:17:40 | 00,033,792 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running]) DRV - [2006-02-07 13:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO [boot | Running]) DRV - [2006-10-30 05:31:58 | 00,043,648 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [boot | Running]) DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2006-07-27 03:49:10 | 00,083,712 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2004-07-17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2006-03-17 11:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running]) DRV - [2009-05-31 19:53:33 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1060284298-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1060284298-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKU\S-1-5-21-1060284298-879983540-839522115-1003\S-1-5-21-1060284298-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-879983540-839522115-1003\S-1-5-21-1060284298-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html" FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-03 16:16:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Firefox\components [2009-09-11 16:37:40 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Firefox\plugins [2009-09-11 16:37:40 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\NOD\Mozilla Thunderbird [2009-05-31 19:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\mozilla\Extensions [2009-05-31 19:23:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane 
aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-09-12 23:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\mozilla\Firefox\Profiles\drtlx5n9.default\extensions [2009-09-03 21:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\mozilla\Firefox\Profiles\drtlx5n9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-08-09 11:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\mozilla\Firefox\Profiles\drtlx5n9.default\extensions\fastdial@telega.phpnet.us O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Wojtek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [egui] D:\Program Files\NOD\egui.exe (ESET) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [inCD] D:\Program Files\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.) 
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [securDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [cdoosoft] C:\DOCUME~1\Wojtek\USTAWI~1\Temp\herss.exe File not found O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [DAEMON Tools Pro Agent] D:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.) O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\S-1-5-21-1060284298-879983540-839522115-1003..\Run: [wsctf.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1060284298-879983540-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1060284298-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-1060284298-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF 
[binary data] O7 - HKU\S-1-5-21-1060284298-879983540-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\System32\e8main1.dll File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-31 17:12:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-09-10 22:48:46 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-09-10 22:48:46 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{11accfb4-7de2-11de-8ce2-001a92e127b0}\Shell\AutoRun\command - "" = G:\rx.exe -- File not found O33 - MountPoints2\{11accfb4-7de2-11de-8ce2-001a92e127b0}\Shell\open\Command - "" = G:\rx.exe -- File not found O33 - MountPoints2\{f8945542-4e04-11de-b664-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{f8945542-4e04-11de-b664-806d6172696f}\Shell\AutoRun\command - "" = E:\Bin\Assetup.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [3 C:\WINDOWS\*.tmp files] [2009-09-10 22:48:46 | 00,000,000 | RHSD | C] -- C:\autorun.inf [2009-09-10 18:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\cache [2009-09-10 18:20:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2009-08-30 23:12:29 | 05,508,880 | ---- | C] () -- C:\Documents and Settings\Wojtek\Pulpit\Coma - Ostrość na nieskończoność.mp3 [2009-08-29 20:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wojtek\Pulpit\czlowiek legenda [2009-08-18 18:36:59 | 07,486,154 | ---- | C] () -- C:\Documents and Settings\Wojtek\Pulpit\Audioslave - Be Yourself.mp3 [2009-08-17 00:19:09 | 08,883,798 | ---- | C] () -- C:\Documents and Settings\Wojtek\Pulpit\Marcel Woods - Inside Me (original 
mix).mp3 [2009-08-15 21:06:38 | 18,485,334 | ---- | C] () -- C:\Documents and Settings\Wojtek\Pulpit\Rank1 - L.E.D. There Be Light (Trance Energy 2009 Anthem).mp3 [2009-08-15 21:06:18 | 19,792,209 | ---- | C] () -- C:\Documents and Settings\Wojtek\Pulpit\Rank 1 - L.E.D. There Be Light (Marcel Woods Remix).mp3 [2009-06-02 17:47:37 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-05-31 22:23:39 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-05-31 19:53:33 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-05-31 19:12:05 | 00,019,320 | ---- | C] () -- C:\WINDOWS\System32\spmsg.dll [2009-05-31 18:47:17 | 00,014,682 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-05-31 17:19:19 | 00,015,010 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009-05-31 17:18:56 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-05-31 17:18:40 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005-10-14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005-10-14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005-10-14 11:56:50 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005-10-14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005-10-14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005-10-14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005-10-14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005-10-14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2005-10-14 11:56:48 
| 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll [2004-07-17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-22 00:16:20 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini ========== Files - Modified Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-09-13 11:16:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009-09-13 10:02:38 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-09-13 10:02:28 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-09-13 10:02:05 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009-09-13 10:02:04 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009-09-13 10:02:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-13 10:02:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-13 03:03:32 | 05,334,094 | -H-- | M] () -- C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-09-13 01:56:17 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-12 21:48:52 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-12 10:20:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-10 18:16:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-08-30 23:12:39 | 05,508,880 | ---- | M] () -- C:\Documents and Settings\Wojtek\Pulpit\Coma - Ostrość na nieskończoność.mp3 [2009-08-30 08:28:12 | 00,068,880 | ---- | M] () -- C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-28 23:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-08-19 21:58:49 | 07,486,154 | ---- | M] () -- C:\Documents and 
Settings\Wojtek\Pulpit\Audioslave - Be Yourself.mp3 [2009-08-18 09:02:45 | 18,485,334 | ---- | M] () -- C:\Documents and Settings\Wojtek\Pulpit\Rank1 - L.E.D. There Be Light (Trance Energy 2009 Anthem).mp3 [2009-08-17 22:03:53 | 19,792,209 | ---- | M] () -- C:\Documents and Settings\Wojtek\Pulpit\Rank 1 - L.E.D. There Be Light (Marcel Woods Remix).mp3 [2009-08-17 08:26:11 | 08,883,798 | ---- | M] () -- C:\Documents and Settings\Wojtek\Pulpit\Marcel Woods - Inside Me (original mix).mp3 ========== LOP Check ========== [2009-08-04 21:51:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-06-03 14:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2009-05-31 19:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-06-02 16:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro [2009-07-27 20:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-06-23 18:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-05-31 19:04:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-05-31 17:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-05-31 17:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-08-06 22:49:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji [2009-06-02 17:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Ahead [2009-07-04 17:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\BESTplayer [2009-06-01 09:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\DAEMON Tools [2009-05-31 19:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane 
aplikacji\DAEMON Tools Lite [2009-06-02 16:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\DAEMON Tools Pro [2009-08-06 23:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Hamachi [2009-06-07 13:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Nowe Gadu-Gadu [2009-06-24 14:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Offline Explorer [2009-06-23 18:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-13 10:02:28 | 00,000,972 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2009-09-13 10:02:04 | 00,001,032 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2009-09-13 11:16:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2009-09-13 10:02:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-09-13 10:02:38 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== < End of report >
So what about this log? Is it OK?
MarekM25, commented September 14, 2009
Run OTL and paste the following script into the Custom Scans/Fixes window:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-09-10 22:48:46 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-09-10 22:48:46 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{11accfb4-7de2-11de-8ce2-001a92e127b0}\Shell\AutoRun\command - "" = G:\rx.exe -- File not found
O33 - MountPoints2\{11accfb4-7de2-11de-8ce2-001a92e127b0}\Shell\open\Command - "" = G:\rx.exe -- File not found
O33 - MountPoints2\{f8945542-4e04-11de-b664-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f8945542-4e04-11de-b664-806d6172696f}\Shell\AutoRun\command - "" = E:\Bin\Assetup.exe -- File not found
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click Run Fix. Confirm the computer restart.
+ Scan the computer with Dr.Web CureIt.