dawidek11
(Dawidex11)
1 December 2007 19:45
#1
Hi, I have a problem deleting files. When I run some .exe file, close it and then want to delete it, I can't, because I get the message "Cannot delete procexp: access is denied make you sure dis is not full or write-protected and that the file is not currently in use". Only after I restart the computer can I delete the file :(. I'm posting the ComboFix and HijackThis logs.
ComboFix 07-12-02.1 - Albert 2007-12-01 19:23:23.23 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007 [GMT 0:00]
Running from: C:\Documents and Settings\Albert\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-11-26 18:11 . 2007-11-26 18:11 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-26 18:11 . 2007-11-26 18:11 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-26 18:10 . 2007-11-26 18:10
2007-11-25 22:08 . 2007-11-25 22:08 160 --a------ C:\WINDOWS\wcx_ftp.ini
2007-11-25 22:05 . 2007-11-25 22:06
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-25 22:05 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-25 22:05 . 2007-11-25 22:09 485 --a------ C:\WINDOWS\wincmd.ini
2007-11-25 17:37 . 2007-11-25 17:37 65,840 --a------ C:\Documents and Settings\Albert\Application Data\GDIPFONTCACHEV1.DAT
2007-11-25 12:39 . 2007-11-25 12:39 38 --a------ C:\WINDOWS\avisplitter.INI
2007-11-25 09:36 . 2007-11-25 09:36
2007-11-24 10:56 . 2007-11-25 09:36
2007-11-23 17:05 . 2007-11-23 21:31
2007-11-23 16:56 . 2007-11-23 16:56
2007-11-23 16:32 . 2007-11-23 21:32
2007-11-22 21:39 . 2007-11-22 21:15 2,683 --a------ C:\index.htm
2007-11-22 20:57 . 2007-11-22 20:58
2007-11-22 19:14 . 2007-11-22 19:14
2007-11-22 19:14 . 2007-11-22 19:14
2007-11-22 16:46 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-11-22 16:33 . 2007-11-22 16:33
2007-11-22 16:19 . 2007-11-22 16:19
2007-11-22 16:19 . 2007-11-25 22:13
2007-11-22 11:45 . 2007-11-22 11:45 13,860 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-11-22 11:42 . 2007-11-22 11:42 200,704 --a------ C:\WINDOWS\system32\klogon.dll
2007-11-22 11:34 . 2007-11-22 11:34 10,011 --a------ C:\WINDOWS\system32\drivers\klnetinf.sys
2007-11-20 20:27 . 2007-11-24 17:47
2007-11-20 18:23 . 2007-11-20 18:23 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-11-18 19:02 . 2007-11-18 19:02
2007-11-18 19:01 . 2007-11-18 19:01
2007-11-17 16:33 . 2007-11-17 16:33
2007-11-17 09:55 . 2007-11-17 09:55
2007-11-17 09:18 . 2007-11-17 09:18
2007-11-17 09:15 . 2007-11-17 09:24
2007-11-16 16:38 . 2007-11-16 16:38 26,128 --a------ C:\WINDOWS\system32\drivers\klfltdev.sys
2007-11-14 18:31 . 2007-11-14 18:31
2007-11-14 18:18 . 2007-11-14 18:18
2007-11-14 00:46 . 2007-10-26 03:34 10,158,080 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-13 16:24 . 2007-11-15 15:52
2007-11-08 15:28 . 2007-11-08 15:28
2007-11-07 16:37 . 2007-11-07 16:37
2007-11-05 18:18 . 2007-11-05 18:18
2007-11-05 18:18 . 2007-11-05 18:18 504,913 --a------ C:\WINDOWS\XP Ultimate Uninstaller.exe
2007-11-05 17:12 . 2007-11-12 12:59
2007-11-05 17:11 . 2007-11-05 20:24
2007-11-05 15:26 . 2007-11-05 15:26
2007-11-05 13:19 . 2007-11-05 13:19
2007-11-05 13:13 . 2007-11-05 20:48 666 --a------ C:\WINDOWS\VisualTooltip.ini
2007-11-05 13:12 . 2007-11-05 13:12
2007-11-05 12:24 . 2007-11-05 12:24
2007-11-05 12:07 . 2007-11-07 16:43
2007-11-05 09:48 . 2004-08-04 01:07 1,708,032 --a------ C:\WINDOWS\system32\netshell.backup
2007-11-05 09:24 . 2006-12-19 21:52 8,453,632 --a------ C:\WINDOWS\system32\shell32.backup
2007-11-05 09:24 . 2004-08-04 01:07 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.backup
2007-11-05 09:24 . 2004-08-04 01:07 143,360 --a------ C:\WINDOWS\system32\mobsync.backup
2007-11-05 09:24 . 2004-08-04 01:07 98,304 --a------ C:\WINDOWS\system32\ahui.backup
2007-11-05 09:24 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.backup
2007-11-05 09:24 . 2004-08-04 01:07 56,832 --a------ C:\WINDOWS\system32\sol.backup
2007-11-05 09:24 . 2004-08-04 01:07 55,296 --a------ C:\WINDOWS\system32\freecell.backup
2007-11-05 09:24 . 2004-08-04 01:07 51,712 --a------ C:\WINDOWS\system32\migpwd.backup
2007-11-05 09:24 . 2005-09-28 10:31 49,152 --a------ C:\WINDOWS\rebuild.exe
2007-11-05 09:24 . 2004-08-04 01:07 32,256 --a------ C:\WINDOWS\system32\wupdmgr.backup
2007-11-05 09:24 . 2004-08-04 01:07 32,256 --a------ C:\WINDOWS\system32\wpabaln.backup
2007-11-05 09:23 . 2004-08-04 01:07 183,808 --a------ C:\WINDOWS\system32\accwiz.backup
2007-11-05 09:20 . 2007-11-14 17:51
2007-11-05 09:13 . 2007-11-05 11:42
2007-11-04 16:41 . 2007-11-04 16:41
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 19:34 75,384,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 19:28 1,010,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-01 12:14 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-01 10:23 --------- d-----w C:\Documents and Settings\Albert\Application Data\foobar2000
2007-12-01 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 17:56 672,032 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-26 17:56 65,120 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-24 13:36 --------- d-----w C:\Program Files\ArcaMicroScan
2007-11-23 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 19:01 --------- d-----w C:\Program Files\AnMing
2007-11-22 16:28 --------- d-----w C:\Program Files\AveDesk 1.3
2007-11-21 22:57 --------- d-----w C:\Program Files\RocketDock
2007-11-20 21:47 --------- d-----w C:\Documents and Settings\Albert\Application Data\Comodo
2007-11-20 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-14 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-11-04 17:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-03 11:24 --------- d-----w C:\Program Files\Audacity
2007-10-31 13:41 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-10-29 10:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-29 10:42 286,720 ------w C:\WINDOWS\Setup1.exe
2007-10-29 10:41 --------- d-----w C:\Program Files\Quake III Arena
2007-10-24 14:16 32,272 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2007-10-20 23:55 --------- d-----w C:\Documents and Settings\Albert\Application Data\AdobeAUM
2007-10-18 18:16 --------- d-----w C:\Documents and Settings\Albert\Application Data\AdobeUM
2007-10-14 18:54 --------- d-----w C:\Program Files\Webshots
2007-10-14 18:54 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-14 11:34 --------- d-----w C:\Program Files\SkanerOnline
2007-10-08 19:28 --------- d-----w C:\Program Files\Inno Setup 5
2007-10-07 16:04 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-10-06 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-06 20:18 --------- d-----w C:\Program Files\Common Files\snpstd3
2007-10-06 20:17 --------- d-----w C:\Documents and Settings\Albert\Application Data\InstallShield
2007-04-11 08:10 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-18 18:23 84,418 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2007-04-18 17:39 88 --sh--r C:\WINDOWS\system32\300190A549.sys
2007-04-18 17:40 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"AVEDESK"="C:\Program Files\AveDesk 1.3\AVEDESK.EXE" [2005-10-25 22:44]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 18:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:07 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-04 01:07 C:\WINDOWS\system32\rundll32.exe]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 19:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-11-14 18:28]
"COMODO Firewall Pro"="D:\Comodo\Firewall\CPF.exe" [2007-11-20 21:51]

C:\Documents and Settings\Albert\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-03-18 14:04:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 20:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\DRIVERS\klbg.sys
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe"
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe"
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S1 krnl_akl;krnl_akl;\??\C:\WINDOWS\system32\drivers\krnl_akl.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 klnetinf;klnetinf;\??\C:\WINDOWS\system32\drivers\klnetinf.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\69.tmp
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 19:34:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-02 19:35:57 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:26 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
D:\Comodo\Firewall\CPF.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AveDesk 1.3\AVEDESK.EXE
C:\Program Files\LClock\lclock.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\AveDesk 1.3\AVEDESK.EXE"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 5345 bytes
Thank you
@EDIT
Sorry, but it's okay now. I cleaned the registry, restarted the computer and it's fine.