Strange virus behaviour, please check the ComboFix log

Hi everyone :) When I click on a folder, this message keeps appearing: http://obrazki.elektroda.net/67_1224652215_thumb.jpg and it takes me to some page, http://sc.videofreeforonline.com/id/4912933/4/1/, with which you can scan the disk. There is also a problem with explorer.exe. I scanned the disk with Avast and an anti-trojan tool; only one virus was detected. I'm pasting the log. Thanks in advance for every reply.



ComboFix 08-10-21.04 - Administrator 2008-10-22 17:06:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.599 [GMT 2:00]
Run from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Menu Start\Cheap Pharmacy Online.url
C:\Documents and Settings\Administrator\Menu Start\Search Online.url
C:\Documents and Settings\Administrator\Menu Start\VIP Casino.url
C:\Documents and Settings\Administrator\Ulubione\Cheap Pharmacy Online.url
C:\Documents and Settings\Administrator\Ulubione\Search Online.url
C:\Documents and Settings\Administrator\Ulubione\VIP Casino.url
C:\Program Files\SAV
C:\Program Files\SAV\sav.ooo
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\k.txt
C:\WINDOWS\system32\c.ico
C:\WINDOWS\system32\hlvdd.dll
C:\WINDOWS\system32\m.ico
C:\WINDOWS\system32\s.ico
C:\WINDOWS\system32\sv.exe
C:\WINDOWS\system32\wP0oXvWV.exe.a_a

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-22 17:09 . 2008-10-22 17:09 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-10-22 17:09 . 2008-10-22 17:09 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-10-21 17:31 . 2008-10-21 17:31 65,536 --a------ C:\WINDOWS\system32\gopfa.dll
2008-10-19 19:21 . 2008-10-19 19:21 <DIR> d-------- C:\Program Files\Opera
2008-10-12 16:56 . 2008-10-12 16:56 1,692,717 --a------ C:\Temp\FehlerCMF.bin
2008-10-09 20:49 . 2008-10-09 20:49 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-10-09 20:49 . 2008-10-09 20:49 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-10-09 20:49 . 2008-09-27 10:25 2,645 --a------ C:\WINDOWS\system32\config.hsp
2008-10-09 20:49 . 2008-10-09 20:49 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-10-09 20:48 . 2008-10-09 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 20:48 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-10-09 20:47 . 2007-11-27 07:40 284,032 --a------ C:\WINDOWS\system32\xceedzip.dll
2008-10-09 20:46 . 2008-10-10 18:00 <DIR> d-------- C:\Program Files\aucotec
2008-10-02 22:43 . 2008-10-02 22:43 <DIR> d-------- C:\Program Files\RealVNC
2008-09-30 21:41 . 2008-09-30 21:41 0 --a------ C:\LOG1A0.tmp
2008-09-28 08:47 . 2008-09-28 09:58 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-28 08:47 . 2008-09-28 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-09-28 08:47 . 2008-09-28 08:47 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software
2008-09-28 08:47 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-28 08:47 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-28 08:47 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-28 08:47 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-28 08:47 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-27 07:02 . 2008-10-01 21:49 <DIR> d-------- C:\HWUpdates
2008-09-26 19:19 . 2008-09-26 19:26 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
2008-09-26 19:19 . 2008-09-26 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Obsidium

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 15:10 --------- d-----w C:\Program Files\SpeedFan
2008-10-22 15:08 --------- d-----w C:\Program Files\Kalendarz XP
2008-10-21 21:24 244,420 ---h--w C:\Documents and Settings\Administrator\Dane aplikacji\TurboLaunch_IconCache.dat
2008-10-21 21:20 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\U3
2008-10-21 16:25 --------- d-----w C:\Program Files\Siemens
2008-10-21 15:44 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-21 15:38 --------- d-----w C:\Program Files\English Translator 3
2008-10-13 16:47 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-10-13 16:47 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-10-10 16:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-09 20:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BSplayer Pro
2008-10-09 16:38 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-10-02 18:51 --------- d-----w C:\Program Files\Winamp
2008-10-02 18:43 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org2
2008-09-30 14:54 --------- d-----w C:\Program Files\BearShare Pro
2008-09-28 07:34 --------- d-----w C:\Program Files\Azureus
2008-09-27 08:23 --------- d-----w C:\Program Files\Corel
2008-09-19 11:48 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Azureus
2008-09-16 17:10 --------- d-----w C:\Program Files\Java
2008-09-12 21:23 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-09-09 07:25 --------- d-----w C:\Program Files\Moeller Software
2008-09-09 07:25 --------- d-----w C:\Program Files\Common Files\Moeller
2008-09-06 09:03 --------- d-----w C:\Program Files\TransRus
2008-04-23 19:12 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C420CF9F-D9D6-421F-958F-AA59906C2B12}]
2008-10-21 17:31 65536 --a------ C:\WINDOWS\system32\gopfa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ImageBridge reader Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A3534B}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A3534B}]
2002-03-18 15:39 503808 --a------ C:\Program Files\Digimarc\ImageBridgeReader\WMShell2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ImageBridge reader Unknown Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A35150}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A35150}]
2002-03-18 15:39 503808 --a------ C:\Program Files\Digimarc\ImageBridgeReader\WMShell2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 180269]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-20 922192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 2902528]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-04-21 882176]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^TurboLaunch.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\TurboLaunch.lnk
backup=C:\WINDOWS\pss\TurboLaunch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-06-29 12:13 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-23 22:11 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
--a------ 2002-09-01 18:27 1331200 C:\Program Files\EdHTML\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:21 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCC flexible Smart Start]
--a------ 2006-05-30 07:26 164816 C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2005 Micro\HmiSmartStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"almservice"=2 (0x2)
"s7oiehsx"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2005 Micro\\HmiES.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2005 Micro\\TraceServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 CltAltDelFlt;CltAltDelFlt;C:\WINDOWS\system32\drivers\CltAltDelFlt.sys [1999-09-11 4068]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [2002-12-17 7520337]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2007-06-20 516168]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2006-07-11 71168]
R2 S7TraceServiceX;S7TraceServiceX;C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2007-03-22 163840]
R2 sbbotdi;sbbotdi;C:\PROGRA~2\SPEEDB~1\sbbotdi.sys [2008-04-23 35584]
R2 scpdrv;scpdrv;C:\PROGRAM FILES\COMMON\SIEMENS\SWS\PLUGINS\SCP\scpdrv.sys [2003-11-10 26944]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-04-17 180285]
R2 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [2002-12-17 311872]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2008-04-23 280184]
R3 cdiport;cdiport;C:\WINDOWS\system32\DRIVERS\cdiport.sys [2004-04-27 72320]
S0 nullcd;nullcd;C:\WINDOWS\system32\Drivers\nullcd.sys [ ]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 s7oppitx;s7oppitx;C:\WINDOWS\system32\Drivers\S7oppitx.sys [2007-06-20 94792]
S3 Sbus_moni;Sbus_moni;C:\WINDOWS\sbus_moni.exe [2002-06-12 438344]
S4 almservice;Automation License Key Service;C:\program files\common\Siemens\sws\almsrv\almsrvx.exe [2004-02-03 426048]
S4 s7oiehsx;SIMATIC IEPG Help Service;C:\program files\common\Siemens\S7IEPG\s7oiehsx.exe [2007-06-20 213064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - REMOVED EMPTY ENTRIES - - - -

MSConfigStartUp-Corel File Shell Monitor - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\a.exe


.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\eezbxdmf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 17:10:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~2\Digimarc\IMAGEB~1\WMCache.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 2008-10-22 17:15:11 - the computer was restarted
ComboFix-quarantined-files.txt 2008-10-22 15:15:05

Before: 3,707,342,848 bytes free
After: 3,606,908,928 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

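The log above carries the usual footprint of a rogue "antivirus" hijack: a Browser Helper Object DLL dropped straight into system32 (gopfa.dll, created the day before the scan), Security Center notifications for antivirus and updates switched off, the Windows Firewall disabled, and an MSConfig startup entry (Somefox) pointing at a.exe in the user's Temp folder. The Python script below is an added example and is not part of the post or of ComboFix: it runs a few triage rules over a constructed excerpt of that log and builds a .reg file that resets the weakened settings. The rules (a BHO outside Program Files, any autostart path under \Temp\, removable-media autorun reported as informational only) are the example's own heuristics; the full registry key paths used for the fix are the standard Windows XP locations that ComboFix abbreviates in its output.

```python
"""Triage rules for a ComboFix log (added example, not part of ComboFix)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity category detail")

# Constructed excerpt: lines copied from the posted log, trimmed to the
# entries the rules look at, plus one benign Run entry (Gadu-Gadu) as a control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C420CF9F-D9D6-421F-958F-AA59906C2B12}]
2008-10-21 17:31 65536 --a------ C:\WINDOWS\system32\gopfa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

MSConfigStartUp-Somefox - C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\a.exe
"""

# Settings a rogue antivirus flips so the user sees no warning:
# (key fragment as ComboFix prints it, value name, weakened value, full key, safe value)
WEAKENED = [
    ("security center", "AntiVirusDisableNotify", 1,
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", 0),
    ("security center", "UpdatesDisableNotify", 1,
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", 0),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0,
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
     r"\Parameters\FirewallPolicy\StandardProfile", 1),
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+\S)$")
STARTUP_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?)\s+-\s+(?P<path>.+\S)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+\S)$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_value(raw):
    """Normalize ComboFix's numeric spellings ('dword:00000001' and '0 (0x0)')."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw  # string values (paths etc.) are kept verbatim


def triage(log_text):
    """Return a Finding for every rule that fires on the log text."""
    findings = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    key = ""
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if "browser helper objects" in key.lower():
                # The line after a BHO header names its DLL; legitimate BHOs
                # almost always live under Program Files (example heuristic).
                nxt = next((ln for ln in lines[i + 1:] if ln.strip()), "")
                fm = FILE_RE.match(nxt.strip())
                if fm and "\\program files\\" not in fm.group("path").lower():
                    findings.append(Finding("high", "bho", fm.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), parse_value(m.group("raw"))
            for key_part, wname, bad, _full, _good in WEAKENED:
                if key_part in key.lower() and name == wname and value == bad:
                    findings.append(Finding("high", "weakened-setting", f"{name}={value}"))
            if isinstance(value, str) and TEMP_DIR_RE.search(value):
                findings.append(Finding("high", "autostart-temp", f"{name}: {value}"))
            continue
        m = STARTUP_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("path")):
            findings.append(Finding("high", "autostart-temp", f"{m.group('name')}: {m.group('path')}"))
            continue
        m = AUTORUN_RE.match(line)
        if m:  # removable-media autorun: worth a look, not proof of infection
            findings.append(Finding("info", "autorun", m.group("cmd")))
    return findings


def remediation_reg(findings):
    """Build .reg text that resets every weakened setting the triage found."""
    by_key = {}
    for f in findings:
        if f.category != "weakened-setting":
            continue
        name = f.detail.split("=", 1)[0]
        for _part, wname, _bad, full_key, good in WEAKENED:
            if wname == name:
                by_key.setdefault(full_key, []).append(f'"{name}"=dword:{good:08x}')
    out = ["Windows Registry Editor Version 5.00"]
    for full_key, values in by_key.items():
        out += ["", f"[{full_key}]"] + values
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.category}: {f.detail}")
    print(remediation_reg(found))
```

Run it as-is to see the findings for the excerpt, or pass the full log text to triage(). Review the .reg output before importing it, and on a live machine remove the BHO and the Temp autostart first, since a still-running rogue will simply flip the Security Center and firewall values back.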