Norbert271989, created 18 September 2008: I can't remove it, please help. Does anyone know a proven method??
nitro07, comment, 18 September 2008: This problem was raised recently; follow these instructions: Link
Norbert271989 (Author), comment, 18 September 2008: I can post the logs from HijackThis and ComboFix. What should I do next??
nitro07, comment, 18 September 2008: Fix this:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\VM303_STI.EXE
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
Norbert271989 (Author), comment, 18 September 2008: Thanks for the help, everything is OK. Cheers
Mateusz J., comment, 18 September 2008: ComboFix removed practically the entire infection. Delete ComboFix's quarantine folder: C:\QooBox.