Witam serdecznie. Miałem problem z otwarciem dysków twardych,cały czas wyskakiwało mi "otwórz za pomocą..." . Ściagnełem sobie ComboFix ,przeskanowałe i teraz jest wszystko ok.Nie znam sie na tym ,ale można odczytać log czy wszystko jest w porządku. Jak by ktoś był taki uprzejmy i mi pomógł . Byłbym bardzo wdzięczny. Pozdrawiam. Oto mój log; ComboFix 09-01-07.02 - Dymitr 2009-01-08 5:05:25.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1022.582 [GMT 1:00] Uruchomiony z: c:\documents and settings\Dymitr\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf D:\Autorun.inf E:\Autorun.inf . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-08 do 2009-01-08 ))))))))))))))))))))))))))))))) . 2009-01-08 03:00 . 2009-01-08 03:01 d-------- c:\program files\Winamp 2009-01-08 03:00 . 2009-01-08 03:06 d-------- c:\documents and settings\Dymitr\Dane aplikacji\Winamp 2009-01-08 03:00 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll 2009-01-08 03:00 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys 2009-01-08 03:00 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys 2009-01-08 03:00 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-08 04:05 --------- d-----w c:\program files\OrangeBs 2009-01-08 01:57 --------- d-----w c:\program files\Common Files\Real 2009-01-08 01:36 --------- d-----w c:\documents and settings\Dymitr\Dane aplikacji\gtk-2.0 2009-01-08 01:26 --------- d-----w c:\documents and settings\Dymitr\Dane aplikacji\OpenOffice.org2 2008-12-30 21:53 --------- d-----w c:\program files\AIMP2 2008-12-05 00:09 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-12-05 00:09 --------- d-----w c:\program files\Java 2008-11-23 13:18 --------- d-----w c:\program files\eMule 2008-11-20 11:58 --------- d-----w c:\documents and settings\Dymitr\Dane aplikacji\Skype 2008-11-20 11:53 --------- d-----w c:\documents and settings\Dymitr\Dane aplikacji\skypePM 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 10:39 662,016 ----a-w c:\windows\system32\wininet.dll 2008-05-13 21:46 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488] [HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] 2008-03-04 12:44 1470488 --a------ c:\program files\MyPlayCity\tbMyPl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488] [HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OBSWATCH"="c:\progra~1\OrangeBs\Watch.exe" [2005-09-07 20480] "BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-09-05 45056] "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2006-08-04 73728] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-18 7585792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\Dymitr\Menu Start\Programy\AutostartOpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216] c:\documents and settings\All Users\Menu Start\Programy\AutostartHotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2008-04-03 3461120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-08 111184] R3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2008-04-03 16128] R3 GTMMDMUSB;GT M 3G+ USB MDM;c:\windows\system32\drivers\gtmmdmusb.sys [2008-04-03 25344] R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2008-04-03 112000] R3 GTMSERUSB;GT M 3G+ USB SER;c:\windows\system32\drivers\gtmserusb.sys [2008-04-03 21760] R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2008-04-03 8064] R3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [2008-04-03 19328] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-04-03 180480] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-08 20560] S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\drivers\GtVUsb.sys [2008-04-03 5120] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e1d9b80-d6bc-11dd-a5ee-bad0beefface}] \Shell\AutoRun\command - 2w.cmd \Shell\explore\Command - 2w.cmd \Shell\open\Command - 2w.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115ae0f8-01c0-11dd-a417-bad0beefface}] \Shell\AutoRun\command - 2w.cmd \Shell\explore\Command - 2w.cmd \Shell\open\Command - 2w.cmd [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . - - - - USUNIĘTO PUSTE WPISY - - - - URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - e:\programy\DAP\SBSearch.dll . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1392740 uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-08 05:08:05 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Secuě*NULL**NULL*] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02, 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00, 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00, 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00, 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00, 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01, 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 . Czas ukończenia: 2009-01-08 5:08:55 ComboFix-quarantined-files.txt 2009-01-08 04:08:52 Przed: 17 576 435 712 bajtów wolnych Po: 18,291,814,400 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 167 --- E O F --- 2008-12-17 21:11:57