Problem z otwieraniem dysków w folderze mój komputer

robertp · 16 Maj 2008 19:33

Proszę o wsparcie.

Mam problem taki, że w folderze Mój komputer po kliknięciu na dysk lub pendrive wyskakuje mi okienko z programami do otwierania plików. Przeskanowałem komputer avastem, avirem, kasperskim, pctolls… i niby nie ma żadnych wirusów.

Nie wiem jak sobie z tym poradzić.

Prosze o pomoc:)

Norbit_24 · 16 Maj 2008 19:40

To co napisałem działa na 100%, maiłem taki sam problem. To jest przez wirusa, który robi pliki autorun.

Longhorn2009 · 16 Maj 2008 19:40

Wyszukaj pliki autorun i skasuj je.

Leon1 · 16 Maj 2008 19:41

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 przeskanuj daj log

potem

Pobierz HijackThis http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 przeskanuj system daj log

kolejność skanu jak podałem

Agaton · 16 Maj 2008 19:55

robertp , Zapoznaj się z tematem Ważny komunikat dotyczący tytułowania tematów - popraw tytuł na konkretny, mówiący o problemie. W celu dokonania zaleconej korekty - proszę użyć przycisku [ przy poście otwierającym ten temat.

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.

Wklejając logI w tym dziale, przeczytaj i zastosuj się do Tematu

](http://www.fotosik.pl)

robertp · 16 Maj 2008 21:10

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:08:49, on 2008-05-16

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\gtwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

O4 - HKLM…\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKLM…\Run: [PCTAVApp] “C:\Program Files\PC Tools AntiVirus\PCTAV.exe” /MONITORSCAN

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 2502687794

O17 - HKLM\System\CCS\Services\Tcpip…{924FFC5E-6A81-4809-AD9D-B37A0C5BC779}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)

Oto skan z hijacka

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

–

End of file - 9296 bytes

Leon1 · 16 Maj 2008 21:18

w logu nic nie widać

pokaż log Combofix

robertp · 16 Maj 2008 21:35

ComboFix 08-05-15.3 - User 2008-05-16 23:23:14.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.574 [GMT 2:00]

Running from: C:\Documents and Settings\User\Moje dokumenty\bogusawa.polednik@neostrada.pl\Combo-Fix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))

.

2008-05-16 23:08 . 2008-05-16 23:08

2008-05-16 21:32 . 2008-05-16 21:32

2008-05-16 15:52 . 2008-05-16 15:52

2008-05-16 15:49 . 2008-05-16 22:43

2008-05-16 15:49 . 2008-05-16 15:52

2008-05-16 15:49 . 2007-12-06 15:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys

2008-05-16 15:49 . 2007-12-06 15:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys

2008-05-16 15:49 . 2008-02-12 10:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys

2008-05-14 20:17 . 2008-05-14 20:17

2008-05-14 12:42 . 2008-05-14 12:42

2008-05-14 00:07 . 2008-05-14 00:07

2008-05-14 00:00 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-05-14 00:00 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-05-14 00:00 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-05-14 00:00 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-05-14 00:00 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-05-13 23:36 . 2008-05-16 22:44

2008-05-13 23:35 . 2008-05-13 23:35

2008-05-13 13:06 . 2008-05-13 15:19

2008-05-12 16:39 . 2008-05-12 16:39

2008-05-12 16:39 . 2008-05-12 16:39 868,352 --a------ C:\temp\abmaster.dll

2008-05-12 16:39 . 2008-05-12 16:39 102,400 --a------ C:\temp\avfix.exe

2008-05-12 15:43 . 2008-05-12 15:44

2008-05-12 15:43 . 2008-05-12 16:37

2008-05-12 13:43 . 2008-05-12 13:43

2008-05-11 23:23 . 2008-05-11 23:25

2008-05-11 10:44 . 2008-05-11 10:44

2008-05-11 10:09 . 2008-04-14 19:20 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-05-11 10:09 . 2008-04-14 19:20 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-05-11 10:09 . 2008-04-14 19:20 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-05-11 10:09 . 2008-04-14 19:20 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-05-11 10:09 . 2008-04-14 19:20 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-05-11 10:09 . 2008-04-14 19:20 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-05-11 10:09 . 2008-04-14 19:21 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-05-11 10:09 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-05-11 10:07 . 2008-04-14 19:20 651,264 --------- C:\WINDOWS\system32\dot3ui.dll

2008-04-23 10:11 . 2008-04-23 10:12 98,927 --a------ C:\WINDOWS\hpqins16.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 21:04 --------- d-----w C:\Program Files\Neostrada TP

2008-05-15 21:12 28,672 ----a-w C:\WINDOWS\Gtwatch.exe

2008-05-12 17:56 --------- d-----w C:\Program Files\SkanerOnline

2008-05-12 14:44 --------- d-----w C:\Program Files\ArcaBit

2008-05-12 14:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-10 23:01 --------- d-----w C:\Program Files\Zestawy maturalne

2008-05-10 20:08 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\AdobeUM

2008-04-27 17:44 --------- d-----w C:\Program Files\English Translator 3

2008-04-14 20:51 11,264 ------w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 17:22 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:22 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:34 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 16:33 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 16:33 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 16:33 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 16:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 16:30 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ------w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:22 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 16:22 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:20 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 16:18 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 16:17 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 16:16 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:11 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 16:11 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 16:09 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 16:05 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:03 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 16:01 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 16:00 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 15:58 41,856 ------w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 15:58 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 15:55 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 15:54 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 15:54 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 19:21 15360]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-10-10 17:51 1636040]

“updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 17:45 313472]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2004-03-03 10:29 2904064]

“nwiz”=“nwiz.exe” [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2004-03-03 10:29 46080]

“HPHUPD08”=“C:\Program Files\HP\Digital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe” [2005-06-01 19:35 49152]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 23:12 49152]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07 24576]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07 53248]

“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-07 00:46 57344]

“Gtwatch”=“C:\WINDOWS\gtwatch.exe” [2008-05-15 23:12 28672]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50 155648]

“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2006-01-30 18:00 98304]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-02-10 23:44 282624]

“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 20:20 866584]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-02-12 10:06 262401]

“PCTAVApp”=“C:\Program Files\PC Tools AntiVirus\PCTAV.exe” [2008-03-05 09:37 1238928]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 19:21 15360]

“DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” [2007-03-13 17:38 39264]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-10-27 17:13:59 962661]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

Ulead Photo Express Calendar Checker For My Custom Edition.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe [2006-12-28 21:46:56 57344]

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

“StartMenuLogOff”= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Internet Explorer\iexplore.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\WINDOWS\system32\mmc.exe”=

S2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;C:\Program Files\ArcaBit\ArcaVir\AvMon.exe []

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []

S3 arcaen;ArcaVir Monitor Kernel Engine Driver;C:\Program Files\ArcaBit\ArcaVir\arcaen.sys []

S3 arcaev;ArcaVir Monitor Kernel Events Driver;C:\Program Files\ArcaBit\ArcaVir\arcaev.sys []

S3 arcafd;ArcaVir Monitor Kernel Filter Driver;C:\Program Files\ArcaBit\ArcaVir\arcafd.sys []

*Newly Created Service* - CATCHME

.

Contents of the ‘Scheduled Tasks’ folder

“2008-05-16 14:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job”

C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

“2008-05-16 20:47:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job”

C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 23:31:31

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]

“ImagePath”="??\C:\DOCUME~1\User\USTAWI~1\Temp\ASFWHide"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

C:\Program Files\Gadu-Gadu\ggwhook.dll

.

Completion time: 2008-05-16 23:33:46

ComboFix-quarantined-files.txt 2008-05-16 21:33:06

Pre-Run: 6,391,300,096 bajtów wolnych

Post-Run: 7,802,998,784 bajtów wolnych

235 — E O F — 2008-05-16 08:09:10

huber2t · 17 Maj 2008 03:09

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\temp\abmaster.dll

C:\temp\avfix.exe

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

robertp · 17 Maj 2008 06:57

ComboFix 08-05-15.3 - User 2008-05-17 8:30:54.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.571 [GMT 2:00]