by zydelek, 03 Jul 2008, 18:01
I tried Tools > Folder Options there, and it still didn't show it... As for ComboFix, it produced a log, but my computer crashed (there was no Start menu or other files, and I had to reset the computer), so I'll try once more.
[ Added: Today at 18:04 ]
After the reset I searched for that file, and here it is:
ComboFix 08-07-02.5 - PADAKA 2008-07-03 17:39:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1974 [GMT 2:00]
Running from: C:\Documents and Settings\PADAKA\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
2008-07-03 10:32 . 2008-07-03 10:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-18 23:32 . 2008-06-18 23:32 <DIR> d-------- C:\Program Files\QuickTime
2008-06-11 10:46 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:46 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 12:34 --------- d-----w C:\Documents and Settings\PADAKA\Dane aplikacji\Skype
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-07-03 12:03 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-07-03 12:03 236,846 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-07-03 10:16 --------- d-----w C:\Documents and Settings\PADAKA\Dane aplikacji\skypePM
2008-07-02 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-30 09:36 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-09 18:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 00:53 --------- d-----w C:\Program Files\IncrediGames
2008-05-09 00:51 --------- d-----w C:\Program Files\Plasma Pong
2008-05-09 00:44 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-09 00:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intenium
2008-05-09 00:36 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 18:02 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C672F4AB-780B-45C0-BAEC-91F455C86F8D}]
2007-05-17 18:38 798720 --a------ C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}"= "C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll" [2007-05-17 18:38 798720]
[HKEY_CLASSES_ROOT\clsid\{2d2de234-ab9f-4345-9d17-94fa78ba37e3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}"= "C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll" [2007-05-17 18:38 798720]
[HKEY_CLASSES_ROOT\clsid\{2d2de234-ab9f-4345-9d17-94fa78ba37e3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-31 09:31 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 23:17 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:26 22014760]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~2.EXE" [2008-01-07 12:26 390568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 08:46 7696384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-24 08:46 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-28 12:48 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-25 10:45 230928]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-08-28 12:48 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-08-28 12:48 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-08-28 12:48 253952]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-08-28 12:48 14088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-18 23:32 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"nwiz"="nwiz.exe" [2006-08-24 08:46 1617920 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 09:31:35 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-21 14:39:00 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-01-31 15:00 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-05-31 13:43]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-03-21 18:57]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-03-16 04:39]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-05-31 13:43]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-07-24 17:00]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-03-21 16:31]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-07-24 13:44]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-05-14 18:23]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-03-05 19:36]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-03-19 19:06]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-28 12:48]
S0 NVDual;NVDual;C:\WINDOWS\system32\DRIVERS\nvDual.sys []
S2 IcRecUsb;IC Recorder Driver;C:\WINDOWS\system32\Drivers\IcRecUsb.sys [2001-10-02 08:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eef590e0-15ce-11dd-a8c5-0002440550d5}]
\Shell\AutoRun\command - g83816.com
\Shell\explore\Command - g83816.com
\Shell\open\Command - g83816.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 14:46:07 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as PADAKA at 15 46.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-07-02 16:05:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 17:48:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-03 17:50:52
ComboFix-quarantined-files.txt 2008-07-03 15:50:30
Pre-Run: 7,704,596,480 bytes free
Post-Run: 10,487,906,304 bytes free
156 --- E O F --- 2008-06-20 06:38:09
[ Added: Today at 18:05 ]
What now?
[ Added: Today at 18:22 ]
And I can't manage the second program, it's too much fiddling around... I hope what I pasted is enough :)
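The log above carries the classic signature of a removable-media autorun worm: `autorun.inf` deleted from the roots of C: and D:, an executable removed from `system32`, and a `MountPoints2` entry whose AutoRun/explore/open handlers all point at `g83816.com`. The following Python script is an added example written for this page, not code from the poster or from ComboFix. It parses those two sections of a ComboFix log and lists the indicators a helper would want to see first. The section-header and key regexes are inferred from the log as posted (an assumption, since ComboFix's exact output varies by version), and the sample input is a constructed excerpt of the lines above.

```python
import re

# Constructed excerpt of the ComboFix log posted above (trimmed; not the full file).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eef590e0-15ce-11dd-a8c5-0002440550d5}]
\Shell\AutoRun\command - g83816.com
\Shell\explore\Command - g83816.com
\Shell\open\Command - g83816.com
*Newly Created Service* - CATCHME
"""

# Header shape "(((( Section Name ))))" as seen in the posted log (assumed stable).
SECTION_RE = re.compile(r'^\({5,}\s*(.+?)\s*\){5,}$')
# autorun.inf sitting at a drive root: the drop point of USB autorun worms.
ROOT_AUTORUN_RE = re.compile(r'^[A-Za-z]:\\autorun\.inf$', re.IGNORECASE)
# An .exe removed from system32 deserves a look (mdm.exe normally lives elsewhere).
SYSTEM32_EXE_RE = re.compile(r'^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.exe$', re.IGNORECASE)
# Per-device MountPoints2 key; Explorer runs its \Shell\*\command verbs on double-click.
MOUNTPOINT_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion'
    r'\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$', re.IGNORECASE)
VERB_RE = re.compile(r'^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$', re.IGNORECASE)
EXEC_EXT = ('.exe', '.com', '.bat', '.cmd', '.pif', '.scr', '.vbs', '.js')


def parse_deletions(log):
    """Return the paths ComboFix listed under 'Other Deletions'."""
    paths, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1).lower() == 'other deletions'
            continue
        if inside and line and line != '.':
            paths.append(line)
    return paths


def parse_mountpoints(log):
    """Return {device GUID: {verb: command}} for every MountPoints2 block."""
    result, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_RE.match(line)
        if key:
            current = result.setdefault(key.group(1).lower(), {})
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current[verb.group(1).lower()] = verb.group(2)
        elif current is not None and not line.startswith('\\'):
            current = None  # any other line ends the block
    return result


def triage(log):
    """Flag autorun-worm indicators in a ComboFix log; returns a list of findings."""
    findings = []
    for path in parse_deletions(log):
        if ROOT_AUTORUN_RE.match(path):
            findings.append(f'autorun.inf at drive root removed: {path}')
        elif SYSTEM32_EXE_RE.match(path):
            findings.append(f'executable removed from system32: {path}')
    for guid, verbs in parse_mountpoints(log).items():
        for verb, cmd in verbs.items():
            # A bare executable name as the handler means the media's own file runs.
            if cmd.lower().endswith(EXEC_EXT):
                findings.append(f'MountPoints2 {guid} {verb} runs {cmd}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved `ComboFix.txt` by passing the file contents to `triage()`. The `MountPoints2` hits are the ones to act on even after ComboFix removed the files: the registry verbs survive and will re-launch `g83816.com` the next time that device is plugged in and double-clicked, so the key should be deleted (ComboFix's own script or a manual `reg delete` of the GUID subkey) and every USB stick that touched the machine scanned before reuse.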