Witam!
Od nie dawna pojawił mi się problem, gdy właczam Narzędzia–>Opcje folderów–>i zaznaczam pokaż ukryte pliki–>biorę OK pliki nie pokazują się, kiedy wpisuje w pole adresu scieżkę normalnie mogę wejść w pliki.
To mój log błędów:
Do wyleczenia pendrive z wirusów użyj
lub format
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
File::
C:\v.bat
C:\adb.com
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast2KLoadDefault"=-
Cmaudio"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
W dniu 23.05.2008 , o godzinie 19:40 został dopisany post przez huber2t
otwórz notatnik i wklej
Z menu Notatnika - Plik - Zapisz jako - Zmień rozszerzenie z .txt na wszystkie pliki - zapisz pod nazwą Fix.reg
Uruchom ten plik, uruchom ponownie komputer
Usuń ręcznie folder C:\Qoobox ,usuń instalkę Combofix z dysku
Przeczyść komputer Ccleanerem
Wykonaj optymalizację autostartu
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
Włącz przywracanie systemu.
ComboFix 08-05-21.3 - CICHY 2008-05-23 19:41:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.172 [GMT 2:00]
Running from: C:\Documents and Settings\CICHY\Pulpit\Nieużywane skróty pulpitu\ComboFix.exe
Command switches used :: C:\Documents and Settings\CICHY\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\adb.com
C:\v.bat
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-18 17:24 . 2008-05-18 17:24
2008-05-18 17:22 . 2008-05-18 17:22
2008-05-18 17:06 . 2008-05-18 17:06
2008-05-18 17:06 . 2008-05-18 17:06
2008-05-18 16:40 . 2008-05-18 16:41
2008-05-05 18:38 . 2008-05-05 18:38
2008-04-30 14:57 . 2008-05-04 15:00 254 --a------ C:\WINDOWS\MIKROTEL.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 16:32 --------- d-----w C:\Program Files\Google
2008-05-23 13:10 --------- d-----w C:\Documents and Settings\CICHY\Dane aplikacji\Skype
2008-05-09 20:55 --------- d-----w C:\Program Files\Winamp
2008-05-05 14:36 --------- d-----w C:\Documents and Settings\CICHY\Dane aplikacji\Image Zone Express
2008-04-30 18:32 --------- d-----w C:\Program Files\InterActual
2008-03-25 04:52 621,344 ----a-w C:\windows\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\windows\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\windows\system32\win32k.sys
2008-03-11 15:23 19,560 -c–a-w C:\Documents and Settings\CICHY\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-07 18:09 107,832 -c–a-w C:\windows\system32\PnkBstrB.exe
2008-03-01 13:02 826,368 ----a-w C:\windows\system32\wininet.dll
2001-11-23 04:08 712,704 -c–a-w C:\windows\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2004-08-04 02:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\windows\system32\svchost.exe
2004-08-04 02:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\windows\system32\dllcache\svchost.exe
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\windows\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\windows\system32\dllcache\user32.dll
2004-08-04 02:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\windows\system32\ws2_32.dll
2004-08-04 02:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\windows\system32\dllcache\ws2_32.dll
2004-08-04 02:44 504832 0344407089b08548d4feba62bb0f32d0 C:\windows\system32\winlogon.exe
2004-08-04 02:44 504832 0344407089b08548d4feba62bb0f32d0 C:\windows\system32\dllcache\winlogon.exe
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\windows\system32\dllcache\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\windows\system32\drivers\ndis.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\windows\system32\dllcache\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\windows\system32\drivers\ip6fw.sys
2004-08-04 02:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\windows\system32\services.exe
2004-08-04 02:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\windows\system32\dllcache\services.exe
2004-08-04 02:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\windows\system32\lsass.exe
2004-08-04 02:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\windows\system32\dllcache\lsass.exe
2004-08-04 02:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\windows\system32\ctfmon.exe
2004-08-04 02:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\windows\system32\ctfmon.exe” [2004-08-04 02:44 15360]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-09-25 18:50 20053544]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]
“VS Online”=“D:\gry\VS Online\VSOnline.exe” []
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-06-26 22:54 68856]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]
“eMuleAutoStart”=“D:\eMule\emule.exe” []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Cmaudio”=“cmicnfg.cpl” []
“WinFast Schedule”=“C:\Program Files\WinFast\WFTVFM\WFWIZ.exe” [2003-06-30 13:24 159744]
“WinFoxV2”=“C:\WINDOWS\system32\WF2K.EXE” [2003-07-17 14:23 1642496]
“DAEMON Tools”=“D:\gry\DAEMON Tools\daemon.exe” [2006-09-14 22:09 157592]
“WheelMouse”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [2005-09-21 20:23 159744]
“USB Storage Toolbox”=“C:\Program Files\USB Disk Win98 Driver\Res.EXE” [2005-09-14 20:44 65536]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” []
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-03-09 15:29 7561216]
“nwiz”=“nwiz.exe” [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-03-09 15:29 86016]
“NSLauncher”=“C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe” [2007-11-06 10:16 3096576]
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-07 00:46 57344]
“HP Software Update”=“D:\HP\HP Software Update\HPWuSchd2.exe” [2005-05-12 00:12 49152]
“avast!”=“D:\INSTAL~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 01:19 79224]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 02:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - D:\adobe\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - D:\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Microsoft Office.lnk - D:\INSTALKI DO PROGRAMŕW\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.I420”= i263_32.drv
“msacm.l3acm”= l3codecp.acm
“vidc.3iv2”= 3ivxVfWCodec.dll
“msacm.divxa32”= divxa32.acm
“VIDC.HFYU”= huffyuv.dll
“VIDC.i263”= i263_32.drv
“msacm.imc”= imc32.acm
“VIDC.VP31”= vp31vfw.dll
“msacm.l3fhg”= mp3fhg.acm
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“D:\gry\cod2\CoD2MP_s.exe”=
“D:\gry\The All-Seeing Eye\eye.exe”=
“D:\gry\Valve\hl.exe”=
“\\AGNIESZKA\LIMEWIRE\LimeWire.exe”=
“D:\INSTALKI DO PROGRAMÓW\bear\BearShare.exe”=
“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=
“D:\gra\most wanted\speed.exe”=
“D:\gry\Codemasters\Colin McRae Rally 04\cmr4.exe”=
“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=
“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=
“D:\gry\ET\Wolfenstein - Enemy Territory\ET.exe”=
“D:\gry\ET\game\ET.exe”=
“D:\HP\Digital Imaging\bin\hpqtra08.exe”=
“D:\HP\Digital Imaging\bin\hpqste08.exe”=
“D:\HP\Digital Imaging\bin\hpofxm08.exe”=
“D:\HP\Digital Imaging\bin\hposfx08.exe”=
“D:\HP\Digital Imaging\bin\hposid01.exe”=
“D:\HP\Digital Imaging\bin\hpqscnvw.exe”=
“D:\HP\Digital Imaging\bin\hpqkygrp.exe”=
“D:\HP\Digital Imaging\bin\hpqCopy.exe”=
“D:\HP\Digital Imaging\bin\hpfccopy.exe”=
“D:\HP\Digital Imaging\bin\hpzwiz01.exe”=
“D:\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“D:\HP\Digital Imaging\Unload\HpqDIA.exe”=
“D:\HP\Digital Imaging\bin\hpoews01.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“9505:TCP”= 9505:TCP:BitComet 9505 TCP
“9505:UDP”= 9505:UDP:BitComet 9505 UDP
“10258:TCP”= 10258:TCP:BitComet 10258 TCP
“10258:UDP”= 10258:UDP:BitComet 10258 UDP
“16234:TCP”= 16234:TCP:BitComet 16234 TCP
“16234:UDP”= 16234:UDP:BitComet 16234 UDP
“19444:TCP”= 19444:TCP:BitComet 19444 TCP
“19444:UDP”= 19444:UDP:BitComet 19444 UDP
“14370:TCP”= 14370:TCP:BitComet 14370 TCP
“14370:UDP”= 14370:UDP:BitComet 14370 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 DbgMsg;Debug Message;C:\WINDOWS\System32\Drivers\DbgMsg.sys [2004-07-21 10:38]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\windows\system32\DRIVERS\Amps2prt.sys [2005-09-21 17:27]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 10:16]
R4 WINFOXIO;WINFOXIO;C:\windows\system32\Drivers\WINFOXIO.SYS [2003-05-12 17:11]
S0 NVDual;NVDual;C:\windows\system32\DRIVERS\nvDual.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\windows\system32\DRIVERS\nvtvsnd.sys []
S3 BTCOMM;BTCOMM;C:\windows\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;C:\windows\system32\DRIVERS\btkrnbdg.sys []
S3 MksMonEn;MkS_Mon Kernel Engine;C:\Program Files\MKS\Bin\MksMonEn.sys []
S3 MksMonEv;MkS_Mon Kernel Events;C:\Program Files\MKS\Bin\MksMonEv.sys []
S3 MksMonFd;MkS_Mon Kernel Filter Driver;C:\Program Files\MKS\Bin\MksMonFd.sys []
S3 uir1100a;UIR1100A;C:\windows\system32\DRIVERS\uir1100a.sys [2004-12-01 09:43]
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\windows\system32\drivers\vadmulti.sys []
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 19:42:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 19:43:20
ComboFix-quarantined-files.txt 2008-05-23 17:43:16
ComboFix2.txt 2008-05-23 17:35:52
ComboFix3.txt 2008-05-23 16:35:27
Pre-Run: 1,043,148,800 bajtów wolnych
Post-Run: 1,047,732,224 bajtów wolnych
175 — E O F — 2008-05-14 09:39:29
Wykonaj moją druga wskazówkę, przeskanuj Kasperskim i daj log na forum