Witam.
Mam problem z otwarciem dysków w moim komputerze. Gdy staram się otworzyć którąś partycje pokazuję mi się jakbym uruchamiał “Otwórz za pomocą…”. Co jakiś czas na dysku pojawiają mi się pliki autorun.inf. Gdy je skasuję przez parę dni jest spokojnie.
P.S. Pokazałbym jeszcze loga z combofix ale nie mogę go uruchomić na serwerze. Jeszcze mi strasznie wolno chodzi komputer.
Proszę o sprawdzenie loga.
Pozdrawiam
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:49, on 2009-02-20
Platform: Windows 2003 Dodatek SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\grovel.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MKS\Bin\mksmonsr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tftpd.exe
C:\WINDOWS\System32\wins.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Microsoft ISA Server\mspadmin.exe
C:\PROGRA~1\Microsoft ISA Server\wspsrv.exe
C:\PROGRA~1\Microsoft ISA Server\w3proxy.exe
C:\PROGRA~1\Microsoft ISA Server\W3Prefch.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SBS2005:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - O:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Zarządzanie serwerem.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://O:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - O:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://sbs.oeiizk.edu.pl
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.www.wp.pl
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129105966359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129105403875
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://sbs2005/tsweb/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl
O17 - HKLM\Software\..\Telephony: DomainName = sbsmenis.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFF7720-1645-49B5-B818-159C4F2BD2C7}: NameServer = 192.168.19.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD08AF19-55FF-4DF7-9298-F43995809EBD}: NameServer = 10.0.0.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbsmenis.edu.pl
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BFF7720-1645-49B5-B818-159C4F2BD2C7}: NameServer = 192.168.19.1
O23 - Service: CreateProcess Service (CreateProcess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (file missing)
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsr.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
--
End of file - 9311 bytes