Nie otwierają się dyski

[lautern]

Proszę o sprawdzenie loga. Nie otwierają się dyski. Dziękuję za pomoc. Proszę pomóc, co mam robić.

ComboFix 08-03-21.1 - Administrator 2008-03-21 19:11:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.70 [GMT 1:00]
Running from: C:\Program Files\BitComet\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-20 20:21 . 2008-03-20 20:21 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-03-20 20:21 . 2008-03-20 20:21 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-03-20 20:21 . 2008-03-20 20:21 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-03-20 20:21 . 2008-03-20 20:21 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-03-19 21:46 . 2008-03-19 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\WinPatrol
2008-03-19 19:52 . 2008-03-19 19:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 20:04 . 2008-03-17 20:04 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-03-11 21:26 . 2008-03-11 21:36 <DIR> d-------- C:\Program Files\Opera
2008-03-11 20:39 . 2008-03-11 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-03-07 21:16 . 2008-03-07 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\HEXelon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 18:11 --------- d-----w C:\Program Files\cFosSpeed
2008-03-20 19:22 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-20 08:15 --------- d-----w C:\Program Files\ICQToolbar
2008-03-18 20:41 --------- d-----w C:\Program Files\Ashampoo
2008-03-17 20:52 --------- d-----w C:\Program Files\SkanerOnline
2008-03-07 20:45 --------- d-----w C:\Program Files\TC UP
2008-03-02 19:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-02 19:14 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-29 19:07 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-02-29 19:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\URSoft
2008-02-24 16:10 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-02-17 18:50 --------- d-----w C:\Program Files\Sokaris
2008-02-17 18:50 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-02-14 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\HateML
2008-02-14 20:20 --------- d-----w C:\Program Files\Migajek Software
2008-02-06 18:56 --------- d-----w C:\Program Files\BitComet
2008-01-27 18:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ICQ Toolbar
2007-11-29 16:52 624,766 ----a-w C:\Documents and Settings\Administrator\disktoken.dll
2007-11-29 16:52 548,864 ----a-w C:\Documents and Settings\Administrator\token.dll
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 01:32 7204864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 12:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-10-17 16:26 854992]
"RRT-Auto"="C:\Documents and Settings\Administrator\Pulpit\RRT.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk]
backup=C:\WINDOWS\pss\F-Secure Anti-Virus 2006.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-02-01 08:20 2194744 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 15:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-06-04 12:38 286720 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 01:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 01:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 01:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-21 18:14 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-07-13 03:37 14679552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-05-03 01:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2003-10-16 18:07 53248 C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2003-10-16 18:07 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BackWeb Plug-in - 4476822"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Migajek Software\\HateML\\DbgListener\\DbgListener.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25069:TCP"= 25069:TCP:BitComet 25069 TCP
"25069:UDP"= 25069:UDP:BitComet 25069 UDP

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
S4 BackWeb Plug-in - 4476822;F-Secure Anti-Virus 2006;C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [2006-08-21 16:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d494ead4-77ef-11dc-a406-0014853f541b}]
\Shell\AutoRun\command - 3o.exe
\Shell\explore\Command - 3o.exe
\Shell\open\Command - 3o.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 17:52:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 19:13:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-03-21 19:13:48
ComboFix-quarantined-files.txt 2008-03-21 18:13:38

[pp3088]

start>>uruchom>>wpisujesz "regedit">>odnajdujesz klucz
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\
i usuwasz go.

[lautern]

Dziękuję, dziś wieczorem będę przy tym komputerze na którym nie otwierają się dyski i usunę to. Mam nadzieję, że to pomoże. Pozdrawiam i napiszę czy wszystko jest ok.

EDIT: Dyski już się otwierają. Dziękuję!!! Pojawiły się foldery, których nie mogę usunąć o nazwach RYCYCLER i SYSTEM VOLUME INFORMATION. Te foldery są na każdym dysku i nie mogę ich usunąć. Proszę jeszcze o wskazówkę jak to zrobić. Pozdrawiam.


Edytuj posty.
Edit by Bozz

[pp3088]

System Volume jest w porządku to pryzwracanie systemu.

Recycler też nie groźny.

[lautern]

Dziękuję, Wszystko działa. Pozdrawiam!!!