witam!!tak jak właśnie widać w temacie mam problem związany z otwarciem menadżera zadań i regedit. tutaj wklejam loga z otl
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GEST not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cdoosoft not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Power2GoExpress not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableTaskMgr deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{31435657-9980-0010-8000-00AA00389B71}\ not found.
C:\autorun.inf folder moved successfully.
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.
File E:\autorun.inf not found.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\D folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Help folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Menu Start folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
File C:\autorun.inf not found.
File C:\9qqigqwf.exe not found.
File C:\ws.exe not found.
File C:\y.exe not found.
File C:\0fpdq2dw.exe not found.
File C:\df.exe not found.
File C:\c2e.exe not found.
File C:\qkm.exe not found.
File C:\sywyrl0q.exe not found.
File C:\WINDOWS\System32\ptnrtg.dll not found.
========== FILES ==========
File\Folder D:\9qqigqwf.exe not found.
File\Folder E:\9qqigqwf.exe not found.
File\Folder D:\ws.exe not found.
File\Folder E:\ws.exe not found.
File\Folder D:\y.exe not found.
File\Folder E:\y.exe not found.
File\Folder D:\0fpdq2dw.exe not found.
File\Folder E:\0fpdq2dw.exe not found.
File\Folder D:\df.exe not found.
File\Folder E:\df.exe not found.
File\Folder D:\c2e.exe not found.
File\Folder E:\c2e.exe not found.
File\Folder D:\qkm.exe not found.
File\Folder E:\qkm.exe not found.
File\Folder D:\sywyrl0q.exe not found.
File\Folder E:\sywyrl0q.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“FirstRunDisabled” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“AntiVirusDisableNotify” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“FirewallDisableNotify” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“UpdatesDisableNotify” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“AntiVirusOverride” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“FirewallOverride” | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\“UacDisableNotify” | 0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\H:\explorer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\Komp1\USTAWI~1\Temp\uxpo.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\Komp1\USTAWI~1\Temp\w95cca.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Gość
->Temp folder emptied: 587534 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Shasti
->Temp folder emptied: 750701 bytes
->Temporary Internet Files folder emptied: 2954607 bytes
->Java cache emptied: 35432091 bytes
->Opera cache emptied: 40482264 bytes
->Flash cache emptied: 67397 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 409436 bytes
Total Files Cleaned = 77,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 07302010_161759
Files\Folders moved on Reboot…
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_c94.dat moved successfully.
Registry entries deleted on Reboot…
tutaj z combofix
ComboFix 10-07-29.01 - Shasti 2010-07-30 4:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1400 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Shasti\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\windows\Alcmtr.exe
c:\windows\Help\DVCLAL
c:\windows\Help\PACKAGEINFO
c:\windows\system32\winlogon.bak
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
((((((((((((((((((((((((( Pliki utworzone od 2010-06-28 do 2010-07-30 )))))))))))))))))))))))))))))))
.
2010-07-28 15:31 . 2010-07-28 15:32 -------- d-----w- c:\program files\Valve
2010-07-28 11:18 . 2010-07-29 21:07 -------- d-----w- C:\valve
2010-07-25 07:39 . 2010-07-25 07:39 33224 --sh–r- C:\mlrnft.exe
2010-07-11 19:05 . 2010-07-11 19:05 -------- d-----w- c:\documents and settings\Gość
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 17:35 . 2009-02-22 16:29 108392 ----a-w- c:\documents and settings\Shasti\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-07-28 10:12 . 2009-03-13 09:34 -------- d-----w- c:\documents and settings\Shasti\Dane aplikacji\Samsung
2010-07-28 10:12 . 2009-02-22 16:33 -------- d–h--w- c:\program files\InstallShield Installation Information
2010-07-28 10:09 . 2009-03-10 19:19 -------- d-----w- c:\program files\Nokia
2010-07-14 19:45 . 2001-10-30 11:00 89234 ----a-w- c:\windows\system32\perfc015.dat
2010-07-14 19:45 . 2001-10-30 11:00 500092 ----a-w- c:\windows\system32\perfh015.dat
2010-07-11 19:13 . 2009-02-22 20:33 -------- d-----w- c:\program files\Winamp
2010-07-02 13:29 . 2009-02-22 16:41 -------- d-----w- c:\program files\Opera
2010-06-08 20:06 . 2009-02-23 18:58 -------- d-----w- c:\documents and settings\Shasti\Dane aplikacji\skypePM
2010-06-08 20:06 . 2009-02-23 18:57 -------- d-----w- c:\documents and settings\Shasti\Dane aplikacji\Skype
2010-05-24 18:06 . 2010-05-24 18:06 503808 ----a-w- c:\documents and settings\Shasti\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6973a9aa-n\msvcp71.dll
2010-05-24 18:06 . 2010-05-24 18:06 499712 ----a-w- c:\documents and settings\Shasti\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6973a9aa-n\jmc.dll
2010-05-24 18:06 . 2010-05-24 18:06 348160 ----a-w- c:\documents and settings\Shasti\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6973a9aa-n\msvcr71.dll
2010-05-24 18:06 . 2010-05-24 18:06 61440 ----a-w- c:\documents and settings\Shasti\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1090952c-n\decora-sse.dll
2010-05-24 18:06 . 2010-05-24 18:06 12800 ----a-w- c:\documents and settings\Shasti\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1090952c-n\decora-d3d.dll
2009-11-28 11:35 . 2009-02-28 22:26 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2009-03-21 . 66ECFE388AD1BD281DD3391B756670CF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Steam”=“d:\program files\steam\steam.exe” [2010-07-29 1316176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RTHDCPL”=“RTHDCPL.EXE” [2008-07-23 16804864]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 181104]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-01-11 398056]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2007-06-29 360448]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“shell32” [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableTaskMgr”= 1 (0x1)
“DisableRegistryTools”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“UIHost”=“c:\documents and settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 229376 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1275392 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 21:13 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 21:13 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“AntiVirService”=2 (0x2)
“AntiVirSchedulerService”=2 (0x2)
“wuauserv”=2 (0x2)
“TabletServicePen”=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“Nowe Gadu-Gadu”=“c:\program files\Nowe Gadu-Gadu\gg.exe”
“PC Suite Tray”=“c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe”
“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” -atboottime
“IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
“MSPY2002”=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
“HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe
“ISUSPM Startup”=“c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
“ISUSScheduler”=“c:\program files\Common Files\InstallShield\UpdateService\issch.exe” -start
“PWRISOVM.EXE”=c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“FirewallDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
“UacDisableNotify”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001
“AntiVirusDisableNotify”=dword:00000001
“FirewallDisableNotify”=dword:00000001
“FirewallOverride”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“UacDisableNotify”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
“DisableNotifications”= 1 (0x1)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“d:\Program Files\DC++\DCPlusPlus.exe”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“c:\Program Files\Nowe Gadu-Gadu\gg.exe”=
“c:\Program Files\Opera\opera.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“c:\valve\hl.exe”=
“c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe”=
“c:\Documents and Settings\Shasti\Pulpit\winbox.exe”=
“c:\Program Files\Java\jre6\bin\java.exe”=
“d:\Program Files\Steam\Steam.exe”= d:\program files\steam\steam.exe
“c:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe”=
“c:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe”=
“c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”=
“c:\Program Files\Common Files\Java\Java Update\jusched.exe”=
“c:\Program Files\TuneUp Utilities 2008\OneClick.exe”=
“c:\WINDOWS\RTHDCPL.EXE”=
“c:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe”=
“c:\Program Files\QuickTime\qttask.exe”=
“c:\WINDOWS\system32\netsh.exe”=
“c:\Program Files\Common Files\Java\Java Update\jucheck.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“d:\Program Files\Steam\steamapps\rudas07\counter-strike\hl.exe”=
“c:\Documents and Settings\Shasti\Pulpit\Gamma Control.exe”=
“c:\Program Files\WinRAR\WinRAR.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8975:TCP”= 8975:TCP:qfedgp
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-08-16 33824]
S3 amsint32;amsint32;??\c:\windows\system32\drivers\jtgdqr.sys – c:\windows\system32\drivers\jtgdqr.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-01-25 6784]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [2004-04-26 6885]
— Inne Usługi/Sterowniki w Pamięci —
*NewlyCreated* - ABP470N5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
rooqklwog
ckdiwsggq
.
Zawartość folderu ‘Zaplanowane zadania’
2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2010-07-30 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-CursorFX - c:\program files\Stardock\CursorFX\CursorFX.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-WheelMouse - c:\advanc~1\wh_exec.exe
AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\documents and settings\Shasti\Ustawienia lokalne\Dane aplikacji{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 04:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
-
-
-
-
-
-
- ‘winlogon.exe’(828)
-
-
-
-
-
c:\windows\system32\Ati2evxx.dll
-
-
-
-
-
-
- ‘explorer.exe’(3960)
-
-
-
-
-
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-07-30 04:17:41 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-07-30 02:17
Przed: 21 707 038 720 bajtów wolnych
Po: 21 670 191 104 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
-
- End Of File - - 9A84E902040EF83C5215B4F3D447AF66
dziękuje i czekam na odpowiedź i jakieś wskazówki