Tomek331 napisał: Przeskanuj kompa ComboFixem i daj loga.
Killing 'Nircmd.com'
"C:\32788R22FWJFW\nircmd.com" cmdwait 1500 exec hide "~$folder.system$\cmd.execf" /c 32788R22FWJFW\prep.cmd (1668)
PUSHD "C:\32788R22FWJFW\"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
VER 1>OsVer
"C:\WINDOWS\system32\Find.exe" "5.2." OsVer
---------- OSVER
IF 1 == 0 GOTO Not_NT
"C:\WINDOWS\system32\Find.exe" "5.1.2" OsVer
---------- OSVER
Microsoft Windows XP [Wersja 5.1.2600]
IF 0 == 0 GOTO NT
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\JACK\Dane aplikacji
CFLDR=32788R22FWJFW
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TROJA
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\JACK
KMD=CF10048.exe
LOGONSERVER=\\TROJA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\ComboFix[1].exe" /u
sfxname=C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\ComboFix[1].exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JACK\USTAWI~1\Temp
TMP=C:\DOCUME~1\JACK\USTAWI~1\Temp
USERDOMAIN=TROJA
USERNAME=JACK
USERPROFILE=C:\Documents and Settings\JACK
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
CALL sfx.cmd
IF EXIST OsVer00 CALL :Vista
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\JACK\USTAWI~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\DOCUME~1\JACK\USTAWI~1\Temp\32788R22FWJFW32788R22FWJFW.log"
(
SET "FileName=ComboFix[1]"
SET "FilePath=C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\"
)
SET FileName 1>FileName
GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || (
CALL NIRCMD infobox "Nie możesz zmienić nazwy ComboFix na %FileName%~n~nProszę użyć innej nazwy, najlepiej składającej się z kilku liter i cyfr" ""
GOTO END
)
IF EXIST "C:\WINDOWS\system32\cmd.execf" MOVE /Y "C:\WINDOWS\system32\cmd.execf" "C:\DOCUME~1\JACK\USTAWI~1\Temp"
CD ..
IF DEFINED cfldr RD /S/Q "32788R22FWJFW"
Dodano po 1 [minuty]: Tomek331 napisał: Przeskanuj kompa ComboFixem i daj loga.
Killing 'Nircmd.com'
"C:\32788R22FWJFW\nircmd.com" cmdwait 1500 exec hide "~$folder.system$\cmd.execf" /c 32788R22FWJFW\prep.cmd (1668)
PUSHD "C:\32788R22FWJFW\"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
VER 1>OsVer
"C:\WINDOWS\system32\Find.exe" "5.2." OsVer
---------- OSVER
IF 1 == 0 GOTO Not_NT
"C:\WINDOWS\system32\Find.exe" "5.1.2" OsVer
---------- OSVER
Microsoft Windows XP [Wersja 5.1.2600]
IF 0 == 0 GOTO NT
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\JACK\Dane aplikacji
CFLDR=32788R22FWJFW
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TROJA
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\JACK
KMD=CF10048.exe
LOGONSERVER=\\TROJA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\ComboFix[1].exe" /u
sfxname=C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\ComboFix[1].exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JACK\USTAWI~1\Temp
TMP=C:\DOCUME~1\JACK\USTAWI~1\Temp
USERDOMAIN=TROJA
USERNAME=JACK
USERPROFILE=C:\Documents and Settings\JACK
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
CALL sfx.cmd
IF EXIST OsVer00 CALL :Vista
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\JACK\USTAWI~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\DOCUME~1\JACK\USTAWI~1\Temp\32788R22FWJFW32788R22FWJFW.log"
(
SET "FileName=ComboFix[1]"
SET "FilePath=C:\Documents and Settings\JACK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ONFZA0DD\"
)
SET FileName 1>FileName
GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || (
CALL NIRCMD infobox "Nie możesz zmienić nazwy ComboFix na %FileName%~n~nProszę użyć innej nazwy, najlepiej składającej się z kilku liter i cyfr" ""
GOTO END
)
IF EXIST "C:\WINDOWS\system32\cmd.execf" MOVE /Y "C:\WINDOWS\system32\cmd.execf" "C:\DOCUME~1\JACK\USTAWI~1\Temp"
CD ..
IF DEFINED cfldr RD /S/Q "32788R22FWJFW"