Hello!
I don't know what happened, because I've never had anything like this before.
Thanks in advance.
Check whether you have a hidden or non-hidden autorun.ini file on the disk; if you do, delete it.
There's nothing there.
Waiting for the log.
ComboFix 08-06-12.2 - Damian 2008-06-14 22:08:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.178 [GMT 2:00]
Running from: C:\Documents and Settings\Damian\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 18:31 . 2008-06-14 22:09 2,249 --a------ C:\WINDOWS\sremcon_drivers.dat
2008-06-14 18:31 . 2008-06-14 22:09 274 --a------ C:\WINDOWS\sremcon_startup.dat
2008-06-14 18:31 . 2008-06-14 22:09 123 --a------ C:\WINDOWS\sremcon_winlogon.dat
2008-06-12 21:54 . 2008-06-12 21:54
2008-06-12 21:54 . 2008-06-02 14:10 1,363,968 --a------ C:\WINDOWS\system32\HDX4H263Decoder.ax
2008-06-12 21:54 . 2008-06-02 14:10 167,936 --a------ C:\WINDOWS\system32\HDX4FlashDemuxer.ax
2008-06-11 19:21 . 2008-06-11 19:21
2008-06-11 19:21 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-11 19:21 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-10 21:05 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-10 21:05 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-10 21:05 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-10 21:05 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-09 13:28 . 2008-06-14 22:08 11,674 -rahs---- C:\WINDOWS\pagefile.sys.vbs
2008-06-09 13:28 . 2008-06-14 22:08 11,674 -rahs---- C:\pagefile.sys.vbs
2008-06-05 13:51 . 2008-06-05 13:51
2008-06-04 20:53 . 2008-06-14 18:31
2008-06-04 20:52 . 2008-06-04 20:52
2008-06-04 20:52 . 2008-06-04 20:52
2008-06-04 20:52 . 2008-03-01 17:09 23,096 --a------ C:\WINDOWS\system32\sremcon.exe
2008-06-04 20:52 . 2008-02-05 12:10 14,392 --a------ C:\WINDOWS\system32\drivers\spyemrg_guard.sys
2008-06-04 20:52 . 2008-02-05 12:10 12,344 --a------ C:\WINDOWS\system32\drivers\spyemrg.sys
2008-06-04 20:27 . 2008-06-04 20:27
2008-06-03 20:55 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-03 20:53 . 2008-06-03 20:53
2008-06-03 20:52 . 2008-06-03 20:52
2008-06-03 20:50 . 2008-06-03 20:50
2008-06-03 20:47 . 2008-06-03 20:47
2008-06-03 20:45 . 2008-06-03 20:52
2008-06-03 20:43 . 2008-06-03 20:55
2008-06-03 20:42 . 2008-06-03 20:42
2008-06-02 19:07 . 2008-06-02 19:10
2008-06-02 19:06 . 2008-06-02 19:06
2008-05-31 22:16 . 2008-06-04 20:32
2008-05-29 20:52 . 2008-06-04 20:21
2008-05-28 21:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-28 21:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-28 16:06 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 22:35 . 2008-05-27 22:35
2008-05-25 22:30 . 2008-05-25 22:30
2008-05-25 22:30 . 2008-05-26 21:51
2008-05-25 22:21 . 2008-05-25 22:21
2008-05-25 21:33 . 2008-05-25 21:33 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-25 19:05 . 2008-05-25 19:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-25 18:55 . 2008-05-25 18:56
2008-05-25 18:46 . 2008-05-25 18:46
2008-05-25 18:46 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-25 11:32 . 2008-05-25 11:32
2008-05-25 00:48 . 2008-05-25 00:48
2008-05-25 00:26 . 2008-06-14 20:49
2008-05-25 00:25 . 2008-06-13 22:23
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 18:34 --------- d-----w C:\Program Files\ESET
2008-05-25 20:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-24 21:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-24 21:21 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"SpyEmergency"="C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe" [2008-03-31 11:13 2071096]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 11:48 906480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSRegInfo"="C:\WINDOWS\pagefile.sys.vbs" [2008-06-14 22:08 11674]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
R1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys [2008-02-05 12:10]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys [2008-02-05 12:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee7db20-3613-11dd-aae0-00120e32c31f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac11a8c1-29e4-11dd-bbed-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac11a8c2-29e4-11dd-bbed-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac11a8c3-29e4-11dd-bbed-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 22:09:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-14 22:11:17
ComboFix-quarantined-files.txt 2008-06-14 20:10:53
Pre-Run: 14,123,642,880 bajtów wolnych
Post-Run: 14,120,570,880 bajtów wolnych
123
Open Notepad and paste
save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start.
Then post the ComboFix log from the removal.