Help with amvo!


(Gass01) #1

My computer has been slowing down for some time now. I can't get rid of this junk. Please help quickly!! I can barely do anything on the computer. I should add that it's a laptop and it has a hidden partition with Windows on it. Could the junk be there too? I formatted the computer but it didn't help :/ HELP!

On 05.06.2008 at 10:46 a post was added by szczawik

Here is the log from ComboFix:

ComboFix 08-06-04.3 - szczawik 2008-06-05 10:28:21.1 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.118 [GMT 2:00]

Running from: C:\Documents and Settings\szczawik\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\0016ADC9

C:\Program Files\myglobalsearch\bar\Cache\0016B2BA

C:\Program Files\myglobalsearch\bar\Cache\0016B53B.bin

C:\Program Files\myglobalsearch\bar\Cache\0016B80A.bin

C:\Program Files\myglobalsearch\bar\Cache\0016BAB9.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

.

((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))

.

2008-06-04 23:29 . 2008-06-04 23:29

2008-06-04 17:14 . 2008-06-04 17:14

2008-06-04 17:13 . 2008-06-04 23:29 131 --a------ C:\WINDOWS\wininit.ini

2008-06-04 17:09 . 2008-06-04 17:09

2008-06-04 17:01 . 2008-06-04 17:01

2008-06-04 16:21 . 2008-06-04 16:21

2008-06-04 13:49 . 2008-06-04 13:49

2008-06-04 13:48 . 2008-06-04 13:48 1,140 --a------ C:\WINDOWS\mozver.dat

2008-06-04 13:42 . 2008-06-04 13:42

2008-06-04 13:42 . 2008-06-04 13:42 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-04 13:34 . 2008-06-04 13:34

2008-06-04 13:33 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-04 13:33 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-06-04 13:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-06-04 13:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-06-04 13:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-06-04 13:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2008-06-04 13:33 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-06-04 13:33 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2008-06-04 13:29 . 2008-06-04 16:19 450 --a------ C:\WINDOWS\system32\eRLog.ini

2008-06-04 13:27 . 2008-06-04 13:27

2008-06-04 13:27 . 2008-06-04 13:27 92 --a------ C:\WINDOWS\GridV.UNI

2008-06-04 13:26 . 2008-06-04 13:26

2008-06-04 13:26 . 2008-06-04 13:26

2008-06-04 13:25 . 2005-09-26 16:40 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe

2008-06-04 13:23 . 2008-06-04 13:23

2008-06-04 13:23 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS

2008-06-04 13:23 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL

2008-06-04 13:23 . 2008-06-04 13:23 83 --a------ C:\WINDOWS\LManager.UNI

2008-06-04 13:22 . 2008-06-04 13:22

2008-06-04 13:22 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll

2008-06-04 13:22 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll

2008-06-04 13:18 . 2008-06-04 13:18

2008-06-04 13:18 . 2008-06-04 13:18

2008-06-04 13:16 . 2006-09-06 08:09

2008-06-04 13:16 . 2008-06-04 13:16

2008-06-04 13:10 . 2006-09-17 19:38 1,154,584 --a------ C:\WINDOWS\YTB.EXE

2008-06-04 13:10 . 2006-09-28 18:43 261,627 --a------ C:\WINDOWS\EMEAWG.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-06-04 23:29 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-06-04 23:29 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="Alaunch" []

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27 52848]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]

Kalendarz XP.lnk - C:\PROGRAMY\Kalendarz XP\Kalendarz.exe [2008-06-04 17:35:10 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\PROGRAMY\BearShare\BearShare.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - tym8a.exe

\Shell\explore\Command -

\Shell\open\Command -

*Newly Created Service* - INT15.SYS

.

Contents of the 'Scheduled Tasks' folder

"2008-06-04 12:22:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - szczawik.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-05 10:36:44

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\DOCUME~1\szczawik\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-06-05 10:45:33 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-05 08:44:40

Pre-Run: 47,325,282,304 bytes free

Post-Run: 47,263,973,376 bytes free

178 --- E O F --- 2008-06-05 01:00:54
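The log above contains the entries a responder would look at first: a cached autorun.inf handler for drive F that runs tym8a.exe (the MountPoints2 key), Security Center notifications and Symantec monitoring switched off, the Windows firewall disabled with BearShare on its allow list, and a process running from the user's Temp directory. As an added example that is not part of the original post or of ComboFix, this Python script pulls those indicators out of ComboFix-style log text. SAMPLE_LOG is an excerpt of the log posted above; the rule set, the triage() and report() names and the decision to treat every Temp-launched process as merely "for review" are my own assumptions.

```python
"""Triage a ComboFix log for the traces an autorun-spreading worm leaves behind.

Added example; not part of the forum post or of ComboFix itself. The rules
below are an assumption about what to flag first, not ComboFix's own logic.
"""
import re

# Excerpt of the ComboFix log posted in the thread above (trimmed to the
# sections this script reads).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\PROGRAMY\BearShare\BearShare.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - tym8a.exe
\Shell\explore\Command -
\Shell\open\Command -
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\DOCUME~1\szczawik\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")           # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "name"=data
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(?P<drive>[^\\]+)$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>\S.*)$", re.I)
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.I)
# Security Center values that, when non-zero, silence or hide protection.
SC_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
             "UpdatesDisableNotify", "DisableMonitoring"}


def triage(log_text):
    """Walk the log line by line and collect the indicators of interest."""
    findings = {"autorun": [], "security_center": [], "firewall_off": False,
                "firewall_allowed": [], "temp_processes": []}
    current_key = ""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix section spacer
            continue
        if "Other Running Processes" in line:
            in_processes = True
            continue
        if in_processes:
            if line.startswith("*"):           # next section banner
                in_processes = False
            elif TEMP_PATH_RE.search(line):    # executable launched from a Temp dir
                findings["temp_processes"].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m:                                  # cached autorun.inf handler for a drive
            dm = MOUNTPOINT_RE.search(current_key)
            drive = dm.group("drive") if dm else "?"
            findings["autorun"].append((drive, m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        key_l = current_key.lower()
        if "security center" in key_l and name in SC_VALUES \
                and data.lower().startswith("dword:") and int(data[6:], 16) != 0:
            findings["security_center"].append((current_key, name))
        elif "firewallpolicy" in key_l and name == "EnableFirewall" and data[:1] == "0":
            findings["firewall_off"] = True
        elif "authorizedapplications" in key_l and data == "":
            findings["firewall_allowed"].append(name)
    return findings


def report(findings):
    """Render the findings as one human-readable line each."""
    lines = []
    for drive, cmd in findings["autorun"]:
        lines.append(f"drive {drive}: cached autorun.inf handler runs {cmd}")
    for key, name in findings["security_center"]:
        lines.append(f"Security Center tampered: {name} set under {key}")
    if findings["firewall_off"]:
        lines.append("Windows firewall disabled (EnableFirewall=0)")
    for app in findings["firewall_allowed"]:
        lines.append(f"firewall exception: {app}")
    for proc in findings["temp_processes"]:
        lines.append(f"process running from Temp, review: {proc}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

MountPoints2 is Explorer's cache of the autorun.inf handlers of drives it has seen, so the entry for F describes a removable drive that was plugged into the laptop: the file it points at lives on that drive, and reformatting the internal disk alone does not remove it. A process started from Temp is not necessarily malicious, which is why the script lists it for review rather than calling it an infection.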


(JNJN) #2

Read the pinned topics in this section and fix your post using the edit option. JNJN