Problem with the explorer.exe application!


(Andy0001) #1

Hello!

I have this problem: when I try to open any folder on the disk, this pops up: A problem has occurred with the explorer.exe application and it will be closed. AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: shell32.dll ModVer: 6.0.2900.3402 Offset: 00091686

ComboFix log:

ComboFix 09-08-01.06 - Wanda 2009-08-02 15:17.2.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.220 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Wanda\Pulpit\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-02 do 2009-08-02 )))))))))))))))))))))))))))))))

.

2009-08-02 10:51 . 2008-07-30 15:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys

2009-07-29 18:44 . 2009-07-29 18:44 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-07-26 17:07 . 2009-07-26 17:07 -------- d-sh--w- C:\FOUND.000

2009-07-23 20:16 . 2009-07-23 20:16 -------- d-----w- c:\documents and settings\Wanda\Ustawienia lokalne\Dane aplikacji\Adobe

2009-07-23 19:10 . 2009-07-23 19:10 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-07-23 19:07 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2009-07-23 19:06 . 2009-07-23 19:06 -------- d-----w- c:\windows\SHELLNEW

2009-07-23 18:58 . 2009-07-23 18:58 -------- d--h--w- c:\windows\$hf_mig$

2009-07-23 16:26 . 2009-07-23 16:26 -------- d-----w- c:\program files\Webshots

2009-07-23 16:26 . 2009-07-23 16:26 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\Webshots

2009-07-23 16:25 . 2009-07-23 16:25 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\SolSuite

2009-07-23 16:25 . 2009-07-23 16:25 -------- d-----w- c:\program files\SolSuite

2009-07-23 16:23 . 2009-07-23 16:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles

2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA

2009-07-23 16:20 . 2009-08-02 11:41 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000005-00001102-00000002-80271102}.dat

2009-07-23 16:20 . 2009-08-02 11:41 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000005-00001102-00000002-80271102}.dat

2009-07-23 16:17 . 2009-07-23 16:17 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-23 16:13 . 2009-07-23 16:13 -------- d-----w- c:\program files\Real Alternative

2009-07-23 16:12 . 2009-07-23 16:12 -------- d-----w- c:\program files\AC3Filter

2009-07-23 16:11 . 2007-09-04 15:56 164352 ----a-w- c:\windows\system32\unrar.dll

2009-07-23 16:11 . 2004-01-25 15:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-07-23 16:11 . 2008-01-10 11:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll

2009-07-23 16:11 . 2008-01-10 11:15 755027 ----a-w- c:\windows\system32\xvidcore.dll

2009-07-23 16:11 . 2007-11-29 21:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll

2009-07-23 16:11 . 2007-11-29 21:28 81920 ----a-w- c:\windows\system32\dpl100.dll

2009-07-23 16:11 . 2007-12-24 11:49 7680 ----a-w- c:\windows\system32\ff_vfw.dll

2009-07-23 16:11 . 2007-12-04 00:33 682496 ----a-w- c:\windows\system32\divx.dll

2009-07-23 16:11 . 2009-07-23 16:11 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-07-23 16:09 . 2009-07-23 16:09 -------- d-----w- c:\program files\MarBit

2009-07-23 15:58 . 2009-07-23 15:58 -------- d-----w- c:\program files\Norton Internet Security

2009-07-23 15:57 . 2009-08-02 10:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-07-23 15:57 . 2009-08-02 10:48 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\program files\Symantec

2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec

2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-23 15:52 . 2009-07-23 15:52 13104 ----a-w- c:\documents and settings\Wanda\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-07-23 15:52 . 2009-07-23 15:52 -------- d-----w- c:\documents and settings\LocalService\Menu Start

2009-07-23 15:51 . 2009-07-23 15:51 -------- d-----w- c:\windows\system32\wbem\AutoRecover

2009-07-23 15:46 . 2004-08-03 22:43 97280 ------w- c:\windows\system32\dllcache\dpcdll.dll

2009-07-23 15:46 . 2004-08-03 21:08 40832 ------w- c:\windows\system32\drivers\irbus.sys

2009-07-23 15:46 . 2004-08-03 20:59 9728 ------w- c:\windows\system32\comsdupd.exe

2009-07-23 15:42 . 2009-07-23 15:42 -------- d-----w- c:\windows\ServicePackFiles

2009-07-23 15:38 . 2005-02-25 03:36 22752 ----a-w- c:\windows\system32\spupdsvc.exe

2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- c:\windows\EHome

2009-07-23 15:33 . 2009-07-23 15:33 -------- d-----w- c:\windows\nview

2009-07-23 15:33 . 2006-08-11 19:42 208896 ----a-w- c:\windows\system32\nvudisp.exe

2009-07-23 15:33 . 2006-08-16 15:55 208896 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-07-23 15:33 . 2009-07-23 15:33 -------- d-----w- C:\NVIDIA

2009-07-23 15:31 . 2009-07-23 15:31 -------- d-----w- c:\program files\Creative

2009-07-23 15:31 . 1999-12-16 23:00 6752 ------w- c:\windows\system32\PFMODNT.SYS

2009-07-23 15:31 . 2004-08-03 20:59 25088 ----a-w- c:\windows\system32\drivers\pciidex.sys

2009-07-23 15:31 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-07-23 15:31 . 2001-10-26 14:56 3456 ----a-w- c:\windows\system32\drivers\pciide.sys

2009-07-23 15:31 . 2001-10-26 14:56 3456 ----a-w- c:\windows\system32\dllcache\pciide.sys

2009-07-23 15:31 . 2002-11-27 17:52 80896 ----a-r- c:\windows\system32\drivers\NVENET.sys

2009-07-23 15:31 . 2002-11-27 17:52 122 ----a-r- c:\windows\system32\drivers\ramsed.bin

2009-07-23 15:31 . 2002-11-27 17:52 1024 ----a-r- c:\windows\system32\drivers\jedih2rx.bin

2009-07-23 15:30 . 2006-08-16 15:55 208896 ----a-w- c:\windows\system32\nvugart.exe

2009-07-23 15:30 . 2003-03-19 13:51 18688 ----a-r- c:\windows\system32\drivers\nv_agp.SYS

2009-07-06 18:17 . 2003-01-17 13:03 126976 ------w- c:\windows\system32\NVNFINST.DLL

2009-07-06 18:16 . 2009-07-06 18:16 -------- d-----w- c:\program files\Common Files\InstallShield

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-02 10:48 . 2009-07-23 16:13 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-08-02 10:48 . 2009-07-23 16:13 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-07-23 16:23 . 2001-10-26 14:15 49492 ----a-w- c:\windows\system32\perfc015.dat

2009-07-23 16:23 . 2001-10-26 14:15 355486 ----a-w- c:\windows\system32\perfh015.dat

2009-07-23 16:10 . 2009-07-23 16:10 -------- d-----w- c:\program files\Winamp

2009-07-23 16:10 . 2009-07-23 16:10 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\Winamp

2009-07-23 15:48 . 2009-07-01 10:52 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2009-07-23 15:32 . 2009-07-23 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-01 10:53 . 2009-07-01 10:53 -------- d-----w- c:\program files\microsoft frontpage

2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\JH79NXZV.DAT

2009-07-01 10:52 . 2009-07-01 10:52 558142 ----a-w- c:\windows\java\Packages\CID75RHR.ZIP

2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\S08Y3VXN.DAT

2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\NNJXZJPB.DAT

2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\KGRBJ3HB.DAT

2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\5FDVZ77H.DAT

2009-07-01 10:52 . 2009-07-01 10:52 155995 ----a-w- c:\windows\java\Packages\0EPJPZNJ.ZIP

2009-07-01 10:50 . 2009-07-01 10:50 21856 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-01 10:50 . 2009-07-01 10:50 -------- d-----w- c:\program files\Usługi online

2009-06-26 16:19 . 2002-09-20 14:05 662016 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:19 . 2009-07-23 15:45 81920 ------w- c:\windows\system32\ieencode.dll

2009-06-16 14:55 . 2001-10-26 15:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2001-10-26 15:29 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:27 . 2002-09-20 14:04 1294336 ----a-w- c:\windows\system32\quartz.dll

2009-05-07 15:44 . 2002-09-20 14:04 346112 ----a-w- c:\windows\system32\localspl.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-05 26248]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-11 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-07-23 198336]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-07-26 101936]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - COMHOST

.

Zawartość folderu 'Zaplanowane zadania'

2009-07-23 c:\windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Wanda.job

  • c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 21:38]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-02 15:20

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-08-02 15:20

ComboFix-quarantined-files.txt 2009-08-02 13:20

ComboFix2.txt 2009-08-02 13:14

Przed: 9 042 337 792 bajtów wolnych

Po: 9 031 409 664 bajtów wolnych

166 --- E O F --- 2009-07-29 16:09

HELP :!:


(Olixxx94) #2

Boot the computer from the system installation disc, enter the Recovery Console (R key), and type

expand X:\i386\explorer.ex_ C:\Windows\explorer.exe, where X is the letter of the CD/DVD drive and C is that of the system partition.