AMVO AGAIN.
szczawik - Sun May 18, 2008 1:07 pm
Help, here is my log:
ComboFix 08-05-15.3 - szczaw 2008-05-18 15:01:18.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.65 [GMT 2:00] Running from: C:\Documents and Settings\szczaw\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\0002C181 C:\Program Files\myglobalsearch\bar\Cache\0002C8A5 C:\Program Files\myglobalsearch\bar\Cache\0002CB93.bin C:\Program Files\myglobalsearch\bar\Cache\0002DF1B.bin C:\Program Files\myglobalsearch\bar\Cache\0002E370.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\Program Files\myglobalsearch\bar\Settings\settings.dat C:\Program Files\myglobalsearch\bar\Settings\settings.htm . ((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))) . 2008-05-16 18:40 . 2008-05-16 18:40 <DIR> d-------- C:\Program Files\SkanerOnline 2008-05-16 14:51 . 2004-08-10 20:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-05-16 11:23 . 2008-05-16 11:23 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-05-16 11:11 . 2008-05-16 11:11 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-05-16 11:10 . 
2008-05-16 11:10 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\DAEMON Tools 2008-05-15 08:38 . 2006-03-21 05:23 23,040 --------- C:\WINDOWS\kb913800.exe 2008-05-14 10:30 . 2008-05-14 10:30 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\IrfanView 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Nokia Multimedia Player 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Media Player Classic 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\DivX 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Phone Browser 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Nokia 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Datalayer 2008-05-13 20:34 . 2008-05-13 20:34 <DIR> d-------- C:\Program Files\DIFX 2008-05-13 20:34 . 2008-05-13 20:34 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Program Files\Nokia 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\PC Suite 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-05-13 20:33 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-05-13 20:05 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-05-13 20:05 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-05-13 20:05 . 
2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-05-13 19:43 . 2008-05-13 19:44 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\skypePM 2008-05-13 19:43 . 2008-05-13 19:43 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Skype 2008-05-13 19:43 . 2008-05-13 19:44 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Program Files\Skype 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-05-13 19:37 . 2008-05-13 19:38 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\foobar2000 2008-05-13 19:19 . 2008-05-13 19:19 <DIR> d-------- C:\Documents and Settings\szczaw\Gadu-Gadu 2008-05-13 19:19 . 2008-05-13 19:19 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Gadu-Gadu 2008-05-13 18:55 . 2008-05-13 18:55 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Azureus 2008-05-13 18:55 . 2008-05-13 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Z NETA 2008-05-13 18:06 . 2008-05-13 18:06 <DIR> d-------- C:\PROGRAMY 2008-05-13 18:04 . 2008-05-13 18:04 1,160 --a------ C:\WINDOWS\mozver.dat 2008-05-13 18:00 . 2008-05-13 18:00 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 15:42 --------- d-----w C:\Program Files\Yahoo! 
2008-05-13 15:38 --------- d-----w C:\Program Files\Launch Manager 2008-05-13 15:33 --------- d-----w C:\Program Files\WIDCOMM 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "PcSync"="C:\PROGRAMY\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512] "LaunchApp"="Alaunch" [] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946] 
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440] "avast!"="C:\PROGRAMY\avast\ashDisp.exe" [2008-05-12 18:39 79224] "PCSuiteTrayApplication"="C:\PROGRAMY\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] Kalendarz XP.lnk - C:\PROGRAMY\Kalendarz XP\Kalendarz.exe [2008-05-13 18:06:18 882176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\PROGRAMY\\bear\\BearShare.exe"= "C:\\PROGRAMY\\Azureus\\Azureus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36] R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] *Newly Created Service* - CATCHME *Newly Created Service* - INT15.SYS . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 15:04:00 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-18 15:05:04 ComboFix-quarantined-files.txt 2008-05-18 13:04:54 Pre-Run: 36,912,070,656 bytes free Post-Run: 36,954,669,056 bytes free 156 --- E O F --- 2008-05-17 13:37:35

huber2t - Sun May 18, 2008 2:06 pm
Open Notepad and paste:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-

szczawik - Sun May 18, 2008 2:44 pm
Just run Notepad and then restart the computer? Without any ComboFix? Because it changed nothing; the computer stutters just as it did before..

huber2t - Sun May 18, 2008 3:09 pm
Yes, you have to do it the way you wrote, and then carry out the computer optimization (the "tested tips" section).

szczawik - Sun May 18, 2008 7:40 pm
Kaspersky detected nothing, as you can see. I don't know what to do.. help!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
18 maj 2008 21:35:26
System operacyjny: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus18/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus783003
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer: C:\ D:\ E:\ F:\
Statystyki skanowania:
Liczba skanowanych obiektów: 39990
Liczba wykrytych wirusów: 0
Liczba zainfekowanych obiektów: 0
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:07:39
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
Proces skanowania został zakończony.

szczawik - Sun May 18, 2008 8:31 pm
The computer still takes a long time to think and even MP3 playback stutters.. I don't know what to do :(

huber2t - Mon May 19, 2008 2:46 am
Post a new ComboFix log and carry out the PC optimization (tips section).

szczawik - Mon May 19, 2008 8:04 pm
Here is the log:
ComboFix 08-05-15.3 - szczaw 2008-05-19 21:58:51.2 - FAT32x86 Running from: C:\Documents and Settings\szczaw\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-18 22:04 . 2008-05-18 22:04 <DIR> d-------- C:\Program Files\ToniArts 2008-05-18 17:04 . 
2008-05-18 17:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-18 17:04 . 2008-05-18 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-16 18:40 . 2008-05-16 18:40 <DIR> d-------- C:\Program Files\SkanerOnline 2008-05-16 14:51 . 2004-08-10 20:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-05-16 11:23 . 2008-05-16 11:23 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-05-16 11:11 . 2008-05-16 11:11 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-05-16 11:10 . 2008-05-16 11:10 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\DAEMON Tools 2008-05-15 08:38 . 2006-03-21 05:23 23,040 --------- C:\WINDOWS\kb913800.exe 2008-05-14 10:30 . 2008-05-14 10:30 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\IrfanView 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Nokia Multimedia Player 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Media Player Classic 2008-05-13 20:45 . 2008-05-13 20:45 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\DivX 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Phone Browser 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Nokia 2008-05-13 20:37 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Datalayer 2008-05-13 20:34 . 2008-05-13 20:34 <DIR> d-------- C:\Program Files\DIFX 2008-05-13 20:34 . 2008-05-13 20:34 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Program Files\Nokia 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-05-13 20:33 . 
2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\PC Suite 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-05-13 20:33 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-05-13 20:05 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-05-13 20:05 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-05-13 20:05 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-05-13 19:43 . 2008-05-13 19:44 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\skypePM 2008-05-13 19:43 . 2008-05-13 19:43 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Skype 2008-05-13 19:43 . 2008-05-13 19:44 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Program Files\Skype 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-05-13 19:42 . 2008-05-13 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-05-13 19:37 . 2008-05-13 19:38 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\foobar2000 2008-05-13 19:19 . 2008-05-13 19:19 <DIR> d-------- C:\Documents and Settings\szczaw\Gadu-Gadu 2008-05-13 19:19 . 2008-05-13 19:19 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Gadu-Gadu 2008-05-13 18:55 . 2008-05-13 18:55 <DIR> d-------- C:\Documents and Settings\szczaw\Application Data\Azureus 2008-05-13 18:55 . 2008-05-13 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Z NETA 2008-05-13 18:06 . 2008-05-13 18:06 <DIR> d-------- C:\PROGRAMY 2008-05-13 18:04 . 
2008-05-13 18:04 1,160 --a------ C:\WINDOWS\mozver.dat 2008-05-13 18:00 . 2008-05-13 18:00 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 15:42 --------- d-----w C:\Program Files\Yahoo! 2008-05-13 15:38 --------- d-----w C:\Program Files\Launch Manager 2008-05-13 15:33 --------- d-----w C:\Program Files\WIDCOMM 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "PcSync"="C:\PROGRAMY\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512] "LaunchApp"="Alaunch" [] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 
593920] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440] "avast!"="C:\PROGRAMY\avast\ashDisp.exe" [2008-05-12 18:39 79224] "PCSuiteTrayApplication"="C:\PROGRAMY\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] Kalendarz XP.lnk - C:\PROGRAMY\Kalendarz XP\Kalendarz.exe [2008-05-13 18:06:18 882176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\PROGRAMY\\bear\\BearShare.exe"= "C:\\PROGRAMY\\Azureus\\Azureus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36] R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - tym8a.exe \Shell\explore\Command - \Shell\open\Command - *Newly Created Service* - INT15.SYS . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 22:01:42 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-19 22:03:14 ComboFix-quarantined-files.txt 2008-05-19 20:02:44 Pre-Run: 38,490,013,696 bytes free Post-Run: 38,483,918,848 bytes free 140 --- E O F --- 2008-05-17 13:37:35

VampirLord - Mon May 19, 2008 9:47 pm
I'll give you a piece of advice: prevention is better than cure (prophylaxis). System backup: in the demonstrations section you have niuńka's topic and links... Ghost RLZ !! http://instalki.pl/forum/viewtopic.php?t=4306 HERE YOU GO

huber2t - Tue May 20, 2008 3:27 am
Open Notepad and paste:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

szczawik - Tue May 20, 2008 12:20 pm
It stutters just as it did.. would a format help at all?

huber2t - Tue May 20, 2008 1:57 pm
I don't see anything more in the logs and I can't help you using them. Carry out the computer optimization (tips section).