
When I try to open drive C, a search window pops up. The only way in is to right-click and choose Open; then I can get into the drive. Does anyone know what could have caused this and how to fix it?
[b]SDFix: Version 1.223 [/b]
Run by Waciciel on 2008-09-09 at 21:25
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 21:32:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000006d
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Onet.pl - Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 10 Jan 2007 309 A.SHR --- "C:\BOOT.BAK"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Thu 8 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 10 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
ComboFix 08-09-05.12 - Właściciel 2008-09-09 21:37:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.200 [GMT 2:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-09 21:40 . 2008-09-09 21:40 53,248 --a------ C:\Temp\catchme.dll
2008-09-09 21:21 . 2008-09-09 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-09 21:14 . 2008-09-09 21:33 <DIR> d-------- C:\SDFix
2008-09-09 20:22 . 2008-09-09 20:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-09 20:22 . 2008-09-09 20:32 <DIR> d-------- C:\Program Files\SkanerOnline
2008-09-09 20:22 . 2008-09-09 20:22 <DIR> d-------- C:\Documents and Settings\Właściciel\Application Data\PC Tools
2008-09-09 20:22 . 2008-09-09 21:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-09 20:22 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-09 20:22 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-09 20:22 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-09 20:22 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-09 20:11 . 2008-09-09 20:12 <DIR> d-------- C:\Temp\iss9F.tmp
2008-09-09 19:47 . 2008-09-09 19:48 <DIR> d-------- C:\Temp\iss7.tmp
2008-09-09 19:46 . 2008-09-09 20:41 <DIR> d-------- C:\Temp\~nsu.tmp
2008-09-04 15:26 . 2008-09-09 21:28 <DIR> d-------- C:\Temp\WER7061.dir00
2008-09-04 15:09 . 2008-09-04 15:09 1,024 --a------ C:\WINDOWS\system32\gncontent.cch
2008-09-04 10:34 . 2008-09-04 10:35 <DIR> d-------- C:\Temp\iss1E.tmp
2008-09-04 10:34 . 2008-09-04 10:34 <DIR> d-------- C:\Temp\Creative
2008-09-04 10:34 . 2008-09-04 10:34 <DIR> d-------- C:\Program Files\Audible
2008-09-04 10:34 . 2008-09-04 10:34 755,320 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-09-04 10:32 . 2008-09-04 10:32 <DIR> d-------- C:\Temp\iss11.tmp
2008-09-04 10:31 . 2008-09-09 21:28 <DIR> d-------- C:\Temp\AutoUpdate
2008-08-27 08:14 . 2008-09-09 21:28 <DIR> d-------- C:\Temp\WER5556.dir00
2008-08-25 22:52 . 2008-08-25 22:52 <DIR> d-------- C:\WINDOWS\Matura 2008 Język Niemiecki
2008-08-25 22:33 . 2008-08-25 22:33 <DIR> d-------- C:\angielski_tmp
2008-08-20 08:35 . 2008-09-09 21:28 <DIR> d-------- C:\Temp\Word8.0
2008-08-20 08:35 . 2008-08-20 08:35 <DIR> d-------- C:\Temp\VBE
2008-08-17 21:32 . 2008-09-09 21:40 <DIR> d-------- C:\Temp\CDSPlayerWmpSkin
2008-08-17 21:32 . 2005-11-10 11:41 55,168 --------- C:\WINDOWS\system32\drivers\sdcplh.sys
2008-08-17 20:42 . 2008-08-17 20:42 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-08-17 20:42 . 2008-08-17 20:42 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-08-17 13:37 . 2008-09-09 21:40 <DIR> d-------- C:\Temp\pft2A~tmp
2008-08-17 13:24 . 2008-08-17 13:24 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-17 13:24 . 2008-08-17 13:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-17 13:19 . 2008-08-17 13:41 <DIR> d-------- C:\Temp\ispB.tmp
2008-08-17 13:11 . 2008-08-17 13:15 <DIR> d-------- C:\Program Files\Edgard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 1,496,064 ----a-w C:\WINDOWS\system32\CC3250MT.DLL
2060-08-18 16:40 909,824 ----a-w C:\WINDOWS\system32\cp3245mt.dll
2060-08-18 16:40 24,064 ----a-w C:\WINDOWS\system32\borlndmm.dll
2008-09-09 18:08 --------- d-----w C:\Program Files\Creative
2008-09-09 17:46 --------- d-----w C:\Program Files\7-Zip
2008-09-04 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 08:33 --------- d-----w C:\Documents and Settings\Właściciel\Application Data\Creative
2008-08-25 20:52 --------- d-----w C:\Program Files\Matura 2008 Język Niemiecki
2008-08-18 20:47 --------- d-----w C:\Program Files\Skype
2008-08-18 20:47 --------- d-----w C:\Program Files\PWN
2008-08-18 20:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 20:47 --------- d-----w C:\Program Files\AGEIA Technologies
2008-08-17 18:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-17 11:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 18:42 338 ----a-w C:\Program Files\Neostrada
2005-11-02 08:44 457 ----a-w C:\Program Files\Skrót do Ahead.lnk
2005-10-26 12:25 251 ----a-w C:\Program Files\wt3d.ini
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 114688]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 7236dd20-b9b6-423c-87df-1bca117be7a9;7236dd20-b9b6-423c-87df-1bca117be7a9;D:\Player\cds300.dll [ ]
S3 USB28xxBGA;PCTV 100e/150e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-SSS6_Suite - C:\Program Files\Steganos Security Suite 6\sss.exe
HKU-Default-Run-SSS6_SAFE - C:\Program Files\Steganos Security Suite 6\safe.exe
HKU-Default-Run-SSS6_SPM - C:\Program Files\Steganos Security Suite 6\spm.exe
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\ru6ghnm0.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 21:40:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-09 21:41:31
ComboFix-quarantined-files.txt 2008-09-09 19:41:25
Pre-Run: 59,301,851,136 bytes free
Post-Run: 59,340,234,752 bajtów wolnych
133 --- E O F --- 2008-04-13 19:28:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:11, on 2008-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
E:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5130 bytes