Nu Apare Folderul Ascuns Hepl Pls!
Sault. Am o mica problema cu windows. Atunci cand incerc sa il setez sa-mi apara fisierele ascunse, nu mai merge . Am incercat cu antivirusul si nimic, la fel se intampla. Dupa ce bifez "show hidden files and folder" , clik ok si nimic, intru iar acolo si e bifat sa nu afiseze . Inca ceva . Atunci cand intru in My Computer, dupa ce selectez sa intru intr-o partitie, in loc sa se deschida in fereastra cu my computer, se mai deschide una separat cu partitia. Va rog ajutati-ma. Ms !
Comentarii
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:18, on 17.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\maryus\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
--
End of file - 1737 bytes
..sper ca am procedat bine .. si de mentionat , ca atunci cand folosesc internet explorer apare o eroare gen "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." :-s0 -
Descarca Combofix, ruleaza-l, si posteaza log-ul.
Cat timp Combofix ruleaza, nu mai deschide alte aplicatii. De asemenea, conexiunea la internet iti va fi oprita, ceea ce este normal (va reveni automat cand Combofix termina).
Dupa ce rulezi combofix, fa un nou log HijackThis si posteaza-l alaturi de cel al Combofix.
Cris.0 -
Salut Cris,
Vreau sa-ti multumesc ca m-ai ajutat. Imediat dupa ce am rulat Combofix mi s-a rezolvat problema:). Iti multumesc mult de tot. Nu stiu daca mai este important sa afisez log-ul de la "Combofix" (nu vreau sa incarc prea mult pagina). Uite de la Combofix. Inca o data iti multumesc frumos .
ComboFix 08-08-18.01 - maryus 2008-08-19 0:30:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT 3:00]
Running from: C:\Documents and Settings\maryus\My Documents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\maryus\Cookies\maryus@ad.yieldmanager[2].txt
C:\Documents and Settings\maryus\Cookies\maryus@oa.torrent-toolbar[1].txt
C:\Documents and Settings\maryus\UserData
C:\Documents and Settings\maryus\UserData\FO0MFZNF\sn[1].xml
C:\Documents and Settings\maryus\UserData\index.dat
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\kxvo.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-17 23:48 . 2008-08-17 23:48 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-08-17 23:48 . 2008-08-17 23:48 <DIR> d-------- C:\Program Files\AvRack
2008-08-17 23:48 . 2004-11-17 11:08 16,162,816 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-17 23:48 . 2004-11-17 11:11 9,319,936 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2008-08-17 23:48 . 2004-11-17 14:05 2,297,664 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-08-17 23:48 . 2004-11-05 11:29 208,896 --------- C:\WINDOWS\alcupd.exe
2008-08-17 23:48 . 2004-09-07 09:23 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-08-17 23:48 . 2002-02-05 08:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-08-17 23:48 . 2004-09-01 15:04 139,264 --------- C:\WINDOWS\alcrmv.exe
2008-08-17 23:48 . 2004-11-15 13:20 77,824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-08-17 23:48 . 2004-10-27 10:47 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
2008-08-17 23:48 . 2001-07-05 19:19 164 --------- C:\WINDOWS\avrack.ini
2008-08-17 23:39 . 2008-08-17 23:45 <DIR> d-------- C:\Program Files\Winamp
2008-08-17 23:39 . 2008-08-17 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-17 23:31 . 2008-08-17 23:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-17 19:49 . 2008-08-17 23:25 <DIR> d-------- C:\Program Files\SopCast4.5
2008-08-11 06:49 . 2008-05-27 02:03 16,792 --a------ C:\WINDOWS\system32\gorun2.exe
2008-08-11 06:43 . 2008-08-11 06:43 16 --a------ C:\WINDOWS\system32\runy.bat
2008-08-11 05:03 . 2008-08-13 09:07 23,040 --a------ C:\WINDOWS\system32\systemcore.ocx
2008-08-11 05:03 . 2008-05-27 02:03 16,792 --a------ C:\WINDOWS\system32\gorun.exe
2008-08-11 05:03 . 2008-08-13 09:03 1,173 --a------ C:\WINDOWS\system32\systemcore.inf
2008-08-11 05:03 . 2008-08-11 05:44 174 --a------ C:\WINDOWS\system32\codecs.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 21:32 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-18 05:59 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2008-08-17 20:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-17 03:50 --------- d-----w C:\Program Files\VIA
2008-08-17 03:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-28 05:57 147,355 --sh--r C:\63.com
2004-01-01 05:01 224,143 ----a-w C:\Documents and Settings\maryus\maryus.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-11-05 17:43 1258248]
"maryus"="C:\Documents and Settings\maryus\maryus.exe" [2004-01-01 08:01 224143]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 13:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 07:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-09-03 05:36 100032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 21:29 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 13:20 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
Contents of the 'Scheduled Tasks' folder
2004-01-01 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - maryus.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2006-09-07 11:38]
2004-01-01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2007-11-05 17:43]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-kxva - C:\WINDOWS\system32\kxvo.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ro/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 00:33:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-08-19 0:52:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 21:52:17
Pre-Run: 12,685,393,920 bytes free
Post-Run: 12,749,774,848 bytes free
1230 -
Te rog sa postezi un nou log HijackThis.
De asemenea, cauta fisierele urmatoare, pune-le intr-o arhiva cu parola infected si ataseaz-o la urmatorul tau post:C:\WINDOWS\system32\ChCfg.exe
C:\WINDOWS\system32\gorun.exe
C:\WINDOWS\system32\gorun2.exe
C:\Documents and Settings\maryus\maryus.exe
C:\63.com
C:\WINDOWS\system32\runy.bat
C:\WINDOWS\system32\codecs.bat
Inainte sa le cauti, asigura-te ca setezi Window sa iti afiseze fisiere ascunse si de sistem. Detali AICI.
Cris.0 -
Salut Cris,
Uite si log-ul de la HijackThis . sper ca am procedat corect cu upload-ul, dar nu am gasit "C:\Documents and Settings\maryus\maryus.exe" . Te salut si iti multumesc inca o data pentru ajutor. :-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:09, on 01.01.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\maryus\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [maryus] C:\Documents and Settings\maryus\maryus.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--
End of file - 2268 bytes
..revin putin..m-am uitat pe log-ul de la HijackThis, si obs ca exista un program "maryus.exe" in C, m-am uitat mai atent.. si nu este nimic acolo, si am procedat corect la setarea XP-ului sa-mi afiseze fisierele ascunse0 -
Te rog sa stergi fisierul c:\63.com.orig deoarece este malware.
De asemenea, fisierul C:\windows\system32\runy.bat, daca nu este pus de tine si folosit, ar fi o idee sa-l stergi. La executie iti restarteaza calcualtorul.0 -
Daca acum nu mai ai niciun fel de problema, mai ramane de rezolvat problema cu eroarea Generic Host Process.
Problema a fost recunoscuta de Microsoft (este cauzata de o vulnerabilitate) si au fost lansate doua patch-uri pe Windows Update care rezolva problema:
WindowsXP-KB921883-x86-ENU.exe
WindowsXP-KB894391-x86-ENU.exe
Instaleaza-le pe rand, da restart dupa fiecare, si apoi nu ar mai trebui sa iti apara eroarea respectiva.
Cris.0 -
Inca o data va multumesc frumos pentru ajutorul acordat :-) . Sunteti de nota 10 ! ms frumos
0
Liderul tuturor timpurilor
Categorii de discuții
- Toate Categoriile
- 2 Știri și bloguri
- 10 Subiecte generale
- 2 Securitate pentru companii
- 4 Sugestii și idei pentru produse
- 12 Alte produse și servicii
- 19 Central & Abonamente
- 16 VPN
- 14 Mobile Security
- 2 Mac
- 39 Windows
- 1.3K Protectie utilizatori individuali
- 949 Arhiva
- 199 Discu355ii generale
- 199 Discu355ii malware
- 6 Discu355ii spam 351i phishing
- 58 Produse
- 49 Sta355ii de lucru
- 1 Unix
- Servere windows
- 3 Protec355ie enterprise
- 5 Mobile
- 487 350tiri