Hello!
I have the following problem: whenever I try to open any folder on the disk, this message pops up: "explorer.exe has encountered a problem and needs to close." AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: shell32.dll
ModVer: 6.0.2900.3402 Offset: 00091686
ComboFix log:
ComboFix 09-08-01.06 - Wanda 2009-08-02 15:17.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.220 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Wanda\Pulpit\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-02 do 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-02 10:51 . 2008-07-30 15:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2009-07-29 18:44 . 2009-07-29 18:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-26 17:07 . 2009-07-26 17:07 -------- d-sh--w- C:\FOUND.000
2009-07-23 20:16 . 2009-07-23 20:16 -------- d-----w- c:\documents and settings\Wanda\Ustawienia lokalne\Dane aplikacji\Adobe
2009-07-23 19:10 . 2009-07-23 19:10 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-23 19:07 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-07-23 19:06 . 2009-07-23 19:06 -------- d-----w- c:\windows\SHELLNEW
2009-07-23 18:58 . 2009-07-23 18:58 -------- d--h--w- c:\windows\$hf_mig$
2009-07-23 16:26 . 2009-07-23 16:26 -------- d-----w- c:\program files\Webshots
2009-07-23 16:26 . 2009-07-23 16:26 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\Webshots
2009-07-23 16:25 . 2009-07-23 16:25 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\SolSuite
2009-07-23 16:25 . 2009-07-23 16:25 -------- d-----w- c:\program files\SolSuite
2009-07-23 16:23 . 2009-07-23 16:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2009-07-23 16:20 . 2009-08-02 11:41 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000005-00001102-00000002-80271102}.dat
2009-07-23 16:20 . 2009-08-02 11:41 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000005-00001102-00000002-80271102}.dat
2009-07-23 16:17 . 2009-07-23 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-23 16:13 . 2009-07-23 16:13 -------- d-----w- c:\program files\Real Alternative
2009-07-23 16:12 . 2009-07-23 16:12 -------- d-----w- c:\program files\AC3Filter
2009-07-23 16:11 . 2007-09-04 15:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-07-23 16:11 . 2004-01-25 15:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-23 16:11 . 2008-01-10 11:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-23 16:11 . 2008-01-10 11:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-23 16:11 . 2007-11-29 21:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-23 16:11 . 2007-11-29 21:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-07-23 16:11 . 2007-12-24 11:49 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-23 16:11 . 2007-12-04 00:33 682496 ----a-w- c:\windows\system32\divx.dll
2009-07-23 16:11 . 2009-07-23 16:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-23 16:09 . 2009-07-23 16:09 -------- d-----w- c:\program files\MarBit
2009-07-23 15:58 . 2009-07-23 15:58 -------- d-----w- c:\program files\Norton Internet Security
2009-07-23 15:57 . 2009-08-02 10:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-23 15:57 . 2009-08-02 10:48 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\program files\Symantec
2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-23 15:52 . 2009-07-23 15:52 13104 ----a-w- c:\documents and settings\Wanda\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-23 15:52 . 2009-07-23 15:52 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2009-07-23 15:51 . 2009-07-23 15:51 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-07-23 15:46 . 2004-08-03 22:43 97280 ------w- c:\windows\system32\dllcache\dpcdll.dll
2009-07-23 15:46 . 2004-08-03 21:08 40832 ------w- c:\windows\system32\drivers\irbus.sys
2009-07-23 15:46 . 2004-08-03 20:59 9728 ------w- c:\windows\system32\comsdupd.exe
2009-07-23 15:42 . 2009-07-23 15:42 -------- d-----w- c:\windows\ServicePackFiles
2009-07-23 15:38 . 2005-02-25 03:36 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- c:\windows\EHome
2009-07-23 15:33 . 2009-07-23 15:33 -------- d-----w- c:\windows\nview
2009-07-23 15:33 . 2006-08-11 19:42 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-23 15:33 . 2006-08-16 15:55 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-23 15:33 . 2009-07-23 15:33 -------- d-----w- C:\NVIDIA
2009-07-23 15:31 . 2009-07-23 15:31 -------- d-----w- c:\program files\Creative
2009-07-23 15:31 . 1999-12-16 23:00 6752 ------w- c:\windows\system32\PFMODNT.SYS
2009-07-23 15:31 . 2004-08-03 20:59 25088 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-07-23 15:31 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-07-23 15:31 . 2001-10-26 14:56 3456 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-07-23 15:31 . 2001-10-26 14:56 3456 ----a-w- c:\windows\system32\dllcache\pciide.sys
2009-07-23 15:31 . 2002-11-27 17:52 80896 ----a-r- c:\windows\system32\drivers\NVENET.sys
2009-07-23 15:31 . 2002-11-27 17:52 122 ----a-r- c:\windows\system32\drivers\ramsed.bin
2009-07-23 15:31 . 2002-11-27 17:52 1024 ----a-r- c:\windows\system32\drivers\jedih2rx.bin
2009-07-23 15:30 . 2006-08-16 15:55 208896 ----a-w- c:\windows\system32\nvugart.exe
2009-07-23 15:30 . 2003-03-19 13:51 18688 ----a-r- c:\windows\system32\drivers\nv_agp.SYS
2009-07-06 18:17 . 2003-01-17 13:03 126976 ------w- c:\windows\system32\NVNFINST.DLL
2009-07-06 18:16 . 2009-07-06 18:16 -------- d-----w- c:\program files\Common Files\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 10:48 . 2009-07-23 16:13 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-02 10:48 . 2009-07-23 16:13 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-23 16:23 . 2001-10-26 14:15 49492 ----a-w- c:\windows\system32\perfc015.dat
2009-07-23 16:23 . 2001-10-26 14:15 355486 ----a-w- c:\windows\system32\perfh015.dat
2009-07-23 16:10 . 2009-07-23 16:10 -------- d-----w- c:\program files\Winamp
2009-07-23 16:10 . 2009-07-23 16:10 -------- d-----w- c:\documents and settings\Wanda\Dane aplikacji\Winamp
2009-07-23 15:48 . 2009-07-01 10:52 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-23 15:32 . 2009-07-23 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-01 10:53 . 2009-07-01 10:53 -------- d-----w- c:\program files\microsoft frontpage
2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\JH79NXZV.DAT
2009-07-01 10:52 . 2009-07-01 10:52 558142 ----a-w- c:\windows\java\Packages\CID75RHR.ZIP
2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\S08Y3VXN.DAT
2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\NNJXZJPB.DAT
2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\KGRBJ3HB.DAT
2009-07-01 10:52 . 2009-07-01 10:52 2678 ----a-w- c:\windows\java\Packages\Data\5FDVZ77H.DAT
2009-07-01 10:52 . 2009-07-01 10:52 155995 ----a-w- c:\windows\java\Packages\0EPJPZNJ.ZIP
2009-07-01 10:50 . 2009-07-01 10:50 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-01 10:50 . 2009-07-01 10:50 -------- d-----w- c:\program files\Usługi online
2009-06-26 16:19 . 2002-09-20 14:05 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:19 . 2009-07-23 15:45 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2001-10-26 15:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-10-26 15:29 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2002-09-20 14:04 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2002-09-20 14:04 346112 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-05 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-11 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-07-23 198336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-07-26 101936]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - COMHOST
.
Zawartość folderu 'Zaplanowane zadania'
2009-07-23 c:\windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Wanda.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 21:38]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 15:20
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-08-02 15:20
ComboFix-quarantined-files.txt 2009-08-02 13:20
ComboFix2.txt 2009-08-02 13:14
Przed: 9 042 337 792 bajtów wolnych
Po: 9 031 409 664 bajtów wolnych
166 --- E O F --- 2009-07-29 16:09
HELP :!: