Worm conficker jak usunąć przy pomocy combofix?

grindziol · 10 Luty 2010 22:33

Witam mam problem z worm conficker. Używałem combofix i taki jest wpis po zakończeniu działania

ComboFix 10-02-10.01 - jurek 2010-02-10 22:57:25.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.726 [GMT 1:00]

Uruchomiony z: c:\documents and settings\jurek.JUREK-93UIIEWBA\Moje dokumenty\Pobieranie\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\wiaserva.log

c:\recycler\S-1-5-21-1202660629-413027322-725345543-1004

c:\windows\Install.txt

c:\windows\system32_003317_.tmp.dll

c:\windows\system32_003318_.tmp.dll

c:\windows\system32_003319_.tmp.dll

c:\windows\system32_003320_.tmp.dll

c:\windows\system32_003326_.tmp.dll

c:\windows\system32_003327_.tmp.dll

c:\windows\system32_003328_.tmp.dll

c:\windows\system32_003329_.tmp.dll

c:\windows\system32_003330_.tmp.dll

c:\windows\system32_003331_.tmp.dll

c:\windows\system32_003332_.tmp.dll

c:\windows\system32_003333_.tmp.dll

c:\windows\system32_003334_.tmp.dll

c:\windows\system32_003335_.tmp.dll

c:\windows\system32_003336_.tmp.dll

c:\windows\system32_003337_.tmp.dll

c:\windows\system32_003338_.tmp.dll

c:\windows\system32_003339_.tmp.dll

c:\windows\system32_003340_.tmp.dll

c:\windows\system32_003341_.tmp.dll

c:\windows\system32_003342_.tmp.dll

c:\windows\system32_003343_.tmp.dll

c:\windows\system32_003344_.tmp.dll

c:\windows\system32_003345_.tmp.dll

c:\windows\system32_003346_.tmp.dll

c:\windows\system32_003349_.tmp.dll

c:\windows\system32_003350_.tmp.dll

c:\windows\system32_003351_.tmp.dll

c:\windows\system32_003352_.tmp.dll

c:\windows\system32_003353_.tmp.dll

c:\windows\system32_003355_.tmp.dll

c:\windows\system32_003356_.tmp.dll

c:\windows\system32_003357_.tmp.dll

c:\windows\system32_003358_.tmp.dll

c:\windows\system32_003359_.tmp.dll

c:\windows\system32_003360_.tmp.dll

c:\windows\system32_003361_.tmp.dll

c:\windows\system32_003364_.tmp.dll

c:\windows\system32_003365_.tmp.dll

c:\windows\system32_003366_.tmp.dll

c:\windows\system32_003367_.tmp.dll

c:\windows\system32_003368_.tmp.dll

c:\windows\system32_003369_.tmp.dll

c:\windows\system32_003370_.tmp.dll

c:\windows\system32_003372_.tmp.dll

c:\windows\system32_003373_.tmp.dll

c:\windows\system32_003374_.tmp.dll

c:\windows\system32_003375_.tmp.dll

c:\windows\system32_003376_.tmp.dll

c:\windows\system32_003377_.tmp.dll

c:\windows\system32_003378_.tmp.dll

c:\windows\system32_003379_.tmp.dll

c:\windows\system32_003380_.tmp.dll

c:\windows\system32_003381_.tmp.dll

c:\windows\system32_003383_.tmp.dll

c:\windows\system32_003384_.tmp.dll

c:\windows\system32_003386_.tmp.dll

c:\windows\system32_003388_.tmp.dll

c:\windows\system32_003389_.tmp.dll

c:\windows\system32_003390_.tmp.dll

c:\windows\system32_003391_.tmp.dll

c:\windows\system32_003393_.tmp.dll

c:\windows\system32_003394_.tmp.dll

c:\windows\system32_003395_.tmp.dll

c:\windows\system32_003396_.tmp.dll

c:\windows\system32_003398_.tmp.dll

c:\windows\system32_003399_.tmp.dll

c:\windows\system32_003400_.tmp.dll

c:\windows\system32_003401_.tmp.dll

c:\windows\system32_003402_.tmp.dll

c:\windows\system32_003403_.tmp.dll

c:\windows\system32_003404_.tmp.dll

c:\windows\system32_003406_.tmp.dll

c:\windows\system32_003408_.tmp.dll

c:\windows\system32_003409_.tmp.dll

c:\windows\system32_003410_.tmp.dll

c:\windows\system32_003411_.tmp.dll

c:\windows\system32_003416_.tmp.dll

c:\windows\system32_003418_.tmp.dll

c:\windows\system32_003421_.tmp.dll

c:\windows\system32_003423_.tmp.dll

c:\windows\system32_003424_.tmp.dll

c:\windows\system32_003425_.tmp.dll

c:\windows\system32_003426_.tmp.dll

c:\windows\system32_003429_.tmp.dll

c:\windows\system32_003430_.tmp.dll

c:\windows\system32_003431_.tmp.dll

c:\windows\system32_003432_.tmp.dll

c:\windows\system32_003433_.tmp.dll

c:\windows\system32_003438_.tmp.dll

c:\windows\system32_005580_.tmp.dll

c:\windows\system32_005581_.tmp.dll

c:\windows\system32_005582_.tmp.dll

c:\windows\system32_005583_.tmp.dll

c:\windows\system32_005590_.tmp.dll

c:\windows\system32_005591_.tmp.dll

c:\windows\system32_005592_.tmp.dll

c:\windows\system32_005593_.tmp.dll

c:\windows\system32_005595_.tmp.dll

c:\windows\system32_005596_.tmp.dll

c:\windows\system32_005599_.tmp.dll

c:\windows\system32_005600_.tmp.dll

c:\windows\system32_005603_.tmp.dll

c:\windows\system32_005604_.tmp.dll

c:\windows\system32_005606_.tmp.dll

c:\windows\system32_005609_.tmp.dll

c:\windows\system32_005610_.tmp.dll

c:\windows\system32_005615_.tmp.dll

c:\windows\system32_005617_.tmp.dll

c:\windows\system32_005620_.tmp.dll

c:\windows\system32_005622_.tmp.dll

c:\windows\system32_005623_.tmp.dll

c:\windows\system32_005624_.tmp.dll

c:\windows\system32_005625_.tmp.dll

c:\windows\system32_005626_.tmp.dll

c:\windows\system32_005629_.tmp.dll

c:\windows\system32_005630_.tmp.dll

c:\windows\system32_005631_.tmp.dll

c:\windows\system32_005632_.tmp.dll

c:\windows\system32_005633_.tmp.dll

c:\windows\system32_005638_.tmp.dll

c:\windows\system32\drivers\c6da6cc3.sys

c:\windows\system32\ext

c:\windows\system32\ext\php_bz2.dll

c:\windows\system32\ext\php_cpdf.dll

c:\windows\system32\ext\php_curl.dll

c:\windows\system32\ext\php_dba.dll

c:\windows\system32\ext\php_dbase.dll

c:\windows\system32\ext\php_dbx.dll

c:\windows\system32\ext\php_dio.dll

c:\windows\system32\ext\php_exif.dll

c:\windows\system32\ext\php_fdf.dll

c:\windows\system32\ext\php_filepro.dll

c:\windows\system32\ext\php_gd2.dll

c:\windows\system32\ext\php_gettext.dll

c:\windows\system32\ext\php_ifx.dll

c:\windows\system32\ext\php_imap.dll

c:\windows\system32\ext\php_interbase.dll

c:\windows\system32\ext\php_ldap.dll

c:\windows\system32\ext\php_mbstring.dll

c:\windows\system32\ext\php_mcrypt.dll

c:\windows\system32\ext\php_mhash.dll

c:\windows\system32\ext\php_mime_magic.dll

c:\windows\system32\ext\php_ming.dll

c:\windows\system32\ext\php_msql.dll

c:\windows\system32\ext\php_mssql.dll

c:\windows\system32\ext\php_mysql.dll

c:\windows\system32\ext\php_mysqli.dll

c:\windows\system32\ext\php_oci8.dll

c:\windows\system32\ext\php_openssl.dll

c:\windows\system32\ext\php_oracle.dll

c:\windows\system32\ext\php_pgsql.dll

c:\windows\system32\ext\php_pspell.dll

c:\windows\system32\ext\php_shmop.dll

c:\windows\system32\ext\php_snmp.dll

c:\windows\system32\ext\php_soap.dll

c:\windows\system32\ext\php_sockets.dll

c:\windows\system32\ext\php_sybase_ct.dll

c:\windows\system32\ext\php_tidy.dll

c:\windows\system32\ext\php_xmlrpc.dll

c:\windows\system32\ext\php_xsl.dll

c:\windows\system32\ieuinit.inf

c:\windows\system32\Install.txt

c:\windows\system32\lsprst7.dll

c:\windows\system32\serauth1.dll

c:\windows\system32\serauth2.dll

c:\windows\system32\ssprs.dll

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_c6da6cc3

((((((((((((((((((((((((( Pliki utworzone od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))

.

2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- C:\dfe8aaea5150a9648861b76f905f9083

2010-02-10 21:45 . 2010-02-10 21:45 -------- d-----w- c:\windows\system32\wbem\Repository

2010-02-10 20:05 . 2010-02-10 20:42 -------- d–h--w- c:\windows$hf_mig$

2010-01-30 20:37 . 2010-01-30 20:37 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2010-01-30 20:30 . 2010-01-30 20:33 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\CTdeveloping

2010-01-26 10:54 . 2004-08-03 23:43 97280 ----a-w- c:\windows\system32\dllcache\dpcdll.dll

2010-01-26 10:46 . 2004-08-03 23:44 79872 ----a-w- c:\windows\system32\nslookup.exe

2010-01-26 10:34 . 2010-01-26 10:34 -------- d-----w- c:\program files\Windows Resource Kits

2010-01-26 10:14 . 2006-10-19 12:33 86728 ----a-w- c:\windows\system32\msxml6r.dll

2010-01-26 10:05 . 2004-08-03 22:00 71040 ------w- c:\windows\system32\drivers_003311_.tmp.dll

2010-01-24 10:51 . 2010-01-24 11:19 -------- d-----w- c:\program files\RegCleaner

2010-01-20 18:39 . 2010-01-20 18:48 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-20 18:34 . 2010-01-20 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Norton

2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Symantec

2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NortonInstaller

2010-01-20 18:33 . 2010-01-20 18:33 -------- d-----w- c:\windows\system32\Adobe

2010-01-14 15:53 . 2004-08-03 22:00 71040 ------w- c:\windows\system32\drivers_003302_.tmp.dll

2010-01-13 19:00 . 2001-08-18 05:36 8704 -c–a-w- c:\windows\system32\dllcache\kbdjpn.dll

2010-01-13 19:00 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2010-01-13 19:00 . 2001-08-18 05:36 8192 -c–a-w- c:\windows\system32\dllcache\kbdkor.dll

2010-01-13 19:00 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll

2010-01-13 19:00 . 2001-08-17 21:55 6144 -c–a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-01-13 19:00 . 2001-08-17 21:55 6144 -c–a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd106.dll

2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll

2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

2010-01-13 19:00 . 2001-08-17 21:55 5632 -c–a-w- c:\windows\system32\dllcache\kbd103.dll

2010-01-13 19:00 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-02 19:59 . 2008-01-24 19:06 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Tlen.pl

2010-01-30 12:20 . 2008-01-31 18:03 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Skype

2010-01-30 12:14 . 2008-01-31 18:05 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\skypePM

2010-01-26 14:03 . 2009-11-24 14:37 165232 —ha-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll

2010-01-22 19:07 . 2010-01-08 18:59 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\ipla

2010-01-21 15:25 . 2010-01-08 18:58 -------- d-----w- c:\program files\Gadu-Gadu 10

2010-01-20 19:33 . 2009-09-17 19:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\OpenFM

2010-01-13 13:31 . 2009-12-21 13:22 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\MSN6

2010-01-12 10:49 . 2008-03-07 11:33 -------- d-----w- c:\program files\SPSS

2010-01-11 11:51 . 2001-10-26 16:15 50428 ----a-w- c:\windows\system32\perfc015.dat

2010-01-11 11:51 . 2001-10-26 16:15 357506 ----a-w- c:\windows\system32\perfh015.dat

2010-01-10 12:57 . 2010-01-10 12:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\nView_Profiles

2010-01-09 18:49 . 2007-12-27 13:31 -------- d–h--w- c:\program files\InstallShield Installation Information

2010-01-09 18:48 . 2010-01-09 18:48 -------- d-----w- c:\program files\PowerQuest

2010-01-08 18:59 . 2010-01-08 18:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ipla

2010-01-08 18:59 . 2010-01-08 18:59 -------- d-----w- c:\program files\ipla

2010-01-08 18:59 . 2010-01-08 18:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-01-08 18:58 . 2010-01-08 18:58 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10

2009-12-21 13:51 . 2008-06-21 07:26 -------- d-----w- c:\program files\Common Files\Apple

2009-12-21 13:47 . 2008-01-24 19:18 -------- d-----w- c:\program files\Google

2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll

2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll

2009-12-21 13:38 . 2008-01-28 08:30 -------- d-----w- c:\program files\eMule

2009-12-21 13:38 . 2008-01-24 20:00 -------- d-----w- c:\program files\Drumsite

2009-12-21 13:36 . 2009-06-11 19:01 -------- d-----w- c:\program files\AviSynth 2.5

2009-12-21 13:36 . 2008-01-24 19:47 -------- d-----w- c:\program files\VstPlugins

2009-12-21 13:22 . 2009-12-21 13:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\MSN6

2009-12-21 13:20 . 2009-12-21 13:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\FLEXnet

2009-12-21 13:14 . 2009-12-21 13:12 -------- d-----w- c:\program files\Quintessential Media Player

2009-12-21 12:54 . 2009-01-04 18:25 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Hamachi

2009-12-07 21:34 . 2009-05-21 09:55 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-20 20:05 . 2008-01-24 18:58 24144 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-11-14 22:45 . 2009-06-20 18:16 19648 —ha-w- c:\windows\system32\mlfcache.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gainward”=“c:\program files\VDOTool\TBPanel.exe” [2007-04-23 2165536]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-04-12 8429568]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-04-12 81920]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 39792]

“avgnt”=“c:\program files\Avira\AntiVir Desktop\avgnt.exe” [2009-03-02 209153]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-10-11 149280]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Bonjour\mDNSResponder.exe”=

“c:\Program Files\HEROES3\Death\Heroes3.exe”=

“c:\WINDOWS\system32\dplaysvr.exe”=

“c:\Program Files\HEROES3\BLADE\h3blade.exe”=

“c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe”=

“c:\Program Files\Gadu-Gadu 10\gg.exe”=

“c:\WINDOWS\system32\mmc.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“3182:TCP”= 3182:TCP:ezkwt

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-04-10 685816]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-21 108289]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-26 33792]

S2 fyzwsqqgw;Image Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

fyzwsqqgw

.

Zawartość folderu ‘Zaplanowane zadania’

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job

c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

------- Skan uzupełniający -------

.

uStart Page = wyborcza.pl/0,0.html?p=019

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {fc11a119-c2f7-46f4-9e32-937aba26816e} - file://d:\ra\CdViewer.cab

FF - ProfilePath - c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Mozilla\Firefox\Profiles\4zdh0c9s.default\

FF - prefs.js: browser.startup.homepage - onet.pl

FF - plugin: c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

- - - USUNIĘTO PUSTE WPISY - - - -

BHO-{5E2402A0-5F99-4188-B30D-D8743996B340} - (no file)

Notify-dimsntfy - (no file)

AddRemove-Native Instruments - Rig Kontrol 3 Driver - c:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-10 23:05

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll UNKNOWN [0x86FD21E8]

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk - CLASSPNP.SYS @ 0xf75effc3

\Driver\ACPI - ACPI.sys @ 0xf737fcb8

\Driver\atapi - 0x86fd21e8

IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c

ParseProcedure - ntkrnlpa.exe @ 0x8058146a

\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c

ParseProcedure - ntkrnlpa.exe @ 0x8058146a

NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - SendCompleteHandler - NDIS.sys @ 0xf721eba0

PacketIndicateHandler - NDIS.sys @ 0xf722bb21

SendHandler - NDIS.sys @ 0xf720987b

Warning: possible MBR rootkit infection !

user kernel MBR OK

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - ‘explorer.exe’(2832)

c:\windows\system32\msi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\System32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Czas ukończenia: 2010-02-10 23:08:53 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-02-10 22:08

Przed: 175 179 288 576 bajtów wolnych

Po: 178 642 087 936 bajtów wolnych

- End Of File - - 491577F4EA30DBFD16744A863330A1E2

Co teraz zrobić?

Prośba o pomoc

Agaton · 12 Luty 2010 18:44

grindziol ,

Wklejanie logów na forum - przeczytaj i zastosuj się do zaleceń

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.