Problem with SBS2003


(S1779) #1

Hello.

I have a problem opening the drives on my computer. When I try to open any partition, I get something like the "Open with..." dialog. Every so often autorun.inf files appear on the drive. When I delete them, things are quiet for a few days.

P.S. I would also post a ComboFix log, but I can't run it on the server. The computer also runs terribly slowly.

Please check the log.

Regards

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:33:49, on 2009-02-20

Platform: Windows 2003 Dodatek SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\Dfssvc.exe

C:\WINDOWS\System32\dns.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\grovel.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\MKS\Bin\mksmonsr.exe

C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe

C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe

C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe

C:\WINDOWS\system32\ntfrs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\tftpd.exe

C:\WINDOWS\System32\wins.exe

C:\Program Files\Exchsrvr\bin\exmgmt.exe

C:\Program Files\Exchsrvr\bin\mad.exe

C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Microsoft ISA Server\mspadmin.exe

C:\PROGRA~1\Microsoft ISA Server\wspsrv.exe

C:\PROGRA~1\Microsoft ISA Server\w3proxy.exe

C:\PROGRA~1\Microsoft ISA Server\W3Prefch.exe

C:\Program Files\Exchsrvr\bin\store.exe

C:\WINDOWS\System32\svchost.exe

c:\windows\system32\inetsrv\w3wp.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\MKS\Bin\mks_menu.exe

C:\Program Files\MKS\Bin\ABregmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SBS2005:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - O:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun

O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Zarządzanie serwerem.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://O:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - O:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O14 - IERESET.INF: START_PAGE_URL=http://companyweb

O15 - ESC Trusted Zone: http://sbs.oeiizk.edu.pl

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com

O15 - ESC Trusted Zone: http://*.www.wp.pl

O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)

O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129105966359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129105403875

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://sbs2005/tsweb/msrdp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl

O17 - HKLM\Software\..\Telephony: DomainName = sbsmenis.edu.pl

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFF7720-1645-49B5-B818-159C4F2BD2C7}: NameServer = 192.168.19.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{FD08AF19-55FF-4DF7-9298-F43995809EBD}: NameServer = 10.0.0.50

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl

O17 - HKLM\System\CS1\Services\Tcpip\..\{3BFF7720-1645-49B5-B818-159C4F2BD2C7}: NameServer = 192.168.19.1

O23 - Service: CreateProcess Service (CreateProcess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (file missing)

O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsr.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe


--

End of file - 9311 bytes

(Ka$$) #2

Fix:

O23 - Service: CreateProcess Service (CreateProcess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
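
A small triage helper, added here as an illustration and not part of this thread or of HijackThis: it parses O23 service lines like the ones in the log above and flags entries whose image file is missing or whose executable carries the name of a core Windows binary (svchost.exe and similar) but is registered outside System32, which is exactly what makes the CreateProcess entry stand out. The list of core binaries and the System32 folder check are my assumptions; the sample lines are copied from the posted log.

```python
import ntpath
# Constructed sample: O23 entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O23 - Service: CreateProcess Service (CreateProcess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
"""

# Assumption: these core Windows binaries legitimately live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

def parse_o23(line):
    """Split one O23 line into (service name, owner, image path, file_missing) or None."""
    prefix, missing = "O23 - Service: ", "(file missing)"
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].strip()
    file_missing = body.endswith(missing)
    if file_missing:
        body = body[:-len(missing)].rstrip()
    # Split from the right so a " - " inside the service name stays with the name.
    parts = body.rsplit(" - ", 2)
    return (*parts, file_missing) if len(parts) == 3 else None

def triage_o23(line):
    """Reasons an O23 entry deserves a manual look; an empty list means nothing stood out."""
    parsed = parse_o23(line)
    if parsed is None:
        return []
    _name, _owner, path, file_missing = parsed
    reasons = ["image file missing on disk"] if file_missing else []
    exe, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
    if exe in SYSTEM32_ONLY:
        if not folder:
            reasons.append(f"{exe} registered without an absolute path")
        elif folder != SYSTEM32_DIR:
            reasons.append(f"{exe} outside System32: {folder}")
    return reasons

def triage_log(text):
    """Map each flagged O23 service name to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        if reasons := triage_o23(line):
            findings[parse_o23(line)[0]] = reasons
    return findings
```

Flagged entries are leads for a manual check (file on disk, publisher, service description), not verdicts; the H.323 Gatekeeper line, for instance, is flagged only because the log shows no absolute path for it.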


(huber2t) #3

Post the ComboFix log

Put logs on http://wklej.eu or http://wklej.org and post only the link here


(Ka$$) #4

Congratulations:

@Topic

Have you maybe tried checking the disks with CheckDisk?


(huber2t) #5

Is it really that hard to download the program you need at a friend's place and bring it home, for example on a CD?


(Ka$$) #6

He writes that he can't run it on the server -.-