Hello, I have a problem with the Conficker worm. I used ComboFix and this is the log after it finished running:
ComboFix 10-02-10.01 - jurek 2010-02-10 22:57:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.726 [GMT 1:00]
Uruchomiony z: c:\documents and settings\jurek.JUREK-93UIIEWBA\Moje dokumenty\Pobieranie\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\wiaserva.log
c:\recycler\S-1-5-21-1202660629-413027322-725345543-1004
c:\windows\Install.txt
c:\windows\system32_003317_.tmp.dll
c:\windows\system32_003318_.tmp.dll
c:\windows\system32_003319_.tmp.dll
c:\windows\system32_003320_.tmp.dll
c:\windows\system32_003326_.tmp.dll
c:\windows\system32_003327_.tmp.dll
c:\windows\system32_003328_.tmp.dll
c:\windows\system32_003329_.tmp.dll
c:\windows\system32_003330_.tmp.dll
c:\windows\system32_003331_.tmp.dll
c:\windows\system32_003332_.tmp.dll
c:\windows\system32_003333_.tmp.dll
c:\windows\system32_003334_.tmp.dll
c:\windows\system32_003335_.tmp.dll
c:\windows\system32_003336_.tmp.dll
c:\windows\system32_003337_.tmp.dll
c:\windows\system32_003338_.tmp.dll
c:\windows\system32_003339_.tmp.dll
c:\windows\system32_003340_.tmp.dll
c:\windows\system32_003341_.tmp.dll
c:\windows\system32_003342_.tmp.dll
c:\windows\system32_003343_.tmp.dll
c:\windows\system32_003344_.tmp.dll
c:\windows\system32_003345_.tmp.dll
c:\windows\system32_003346_.tmp.dll
c:\windows\system32_003349_.tmp.dll
c:\windows\system32_003350_.tmp.dll
c:\windows\system32_003351_.tmp.dll
c:\windows\system32_003352_.tmp.dll
c:\windows\system32_003353_.tmp.dll
c:\windows\system32_003355_.tmp.dll
c:\windows\system32_003356_.tmp.dll
c:\windows\system32_003357_.tmp.dll
c:\windows\system32_003358_.tmp.dll
c:\windows\system32_003359_.tmp.dll
c:\windows\system32_003360_.tmp.dll
c:\windows\system32_003361_.tmp.dll
c:\windows\system32_003364_.tmp.dll
c:\windows\system32_003365_.tmp.dll
c:\windows\system32_003366_.tmp.dll
c:\windows\system32_003367_.tmp.dll
c:\windows\system32_003368_.tmp.dll
c:\windows\system32_003369_.tmp.dll
c:\windows\system32_003370_.tmp.dll
c:\windows\system32_003372_.tmp.dll
c:\windows\system32_003373_.tmp.dll
c:\windows\system32_003374_.tmp.dll
c:\windows\system32_003375_.tmp.dll
c:\windows\system32_003376_.tmp.dll
c:\windows\system32_003377_.tmp.dll
c:\windows\system32_003378_.tmp.dll
c:\windows\system32_003379_.tmp.dll
c:\windows\system32_003380_.tmp.dll
c:\windows\system32_003381_.tmp.dll
c:\windows\system32_003383_.tmp.dll
c:\windows\system32_003384_.tmp.dll
c:\windows\system32_003386_.tmp.dll
c:\windows\system32_003388_.tmp.dll
c:\windows\system32_003389_.tmp.dll
c:\windows\system32_003390_.tmp.dll
c:\windows\system32_003391_.tmp.dll
c:\windows\system32_003393_.tmp.dll
c:\windows\system32_003394_.tmp.dll
c:\windows\system32_003395_.tmp.dll
c:\windows\system32_003396_.tmp.dll
c:\windows\system32_003398_.tmp.dll
c:\windows\system32_003399_.tmp.dll
c:\windows\system32_003400_.tmp.dll
c:\windows\system32_003401_.tmp.dll
c:\windows\system32_003402_.tmp.dll
c:\windows\system32_003403_.tmp.dll
c:\windows\system32_003404_.tmp.dll
c:\windows\system32_003406_.tmp.dll
c:\windows\system32_003408_.tmp.dll
c:\windows\system32_003409_.tmp.dll
c:\windows\system32_003410_.tmp.dll
c:\windows\system32_003411_.tmp.dll
c:\windows\system32_003416_.tmp.dll
c:\windows\system32_003418_.tmp.dll
c:\windows\system32_003421_.tmp.dll
c:\windows\system32_003423_.tmp.dll
c:\windows\system32_003424_.tmp.dll
c:\windows\system32_003425_.tmp.dll
c:\windows\system32_003426_.tmp.dll
c:\windows\system32_003429_.tmp.dll
c:\windows\system32_003430_.tmp.dll
c:\windows\system32_003431_.tmp.dll
c:\windows\system32_003432_.tmp.dll
c:\windows\system32_003433_.tmp.dll
c:\windows\system32_003438_.tmp.dll
c:\windows\system32_005580_.tmp.dll
c:\windows\system32_005581_.tmp.dll
c:\windows\system32_005582_.tmp.dll
c:\windows\system32_005583_.tmp.dll
c:\windows\system32_005590_.tmp.dll
c:\windows\system32_005591_.tmp.dll
c:\windows\system32_005592_.tmp.dll
c:\windows\system32_005593_.tmp.dll
c:\windows\system32_005595_.tmp.dll
c:\windows\system32_005596_.tmp.dll
c:\windows\system32_005599_.tmp.dll
c:\windows\system32_005600_.tmp.dll
c:\windows\system32_005603_.tmp.dll
c:\windows\system32_005604_.tmp.dll
c:\windows\system32_005606_.tmp.dll
c:\windows\system32_005609_.tmp.dll
c:\windows\system32_005610_.tmp.dll
c:\windows\system32_005615_.tmp.dll
c:\windows\system32_005617_.tmp.dll
c:\windows\system32_005620_.tmp.dll
c:\windows\system32_005622_.tmp.dll
c:\windows\system32_005623_.tmp.dll
c:\windows\system32_005624_.tmp.dll
c:\windows\system32_005625_.tmp.dll
c:\windows\system32_005626_.tmp.dll
c:\windows\system32_005629_.tmp.dll
c:\windows\system32_005630_.tmp.dll
c:\windows\system32_005631_.tmp.dll
c:\windows\system32_005632_.tmp.dll
c:\windows\system32_005633_.tmp.dll
c:\windows\system32_005638_.tmp.dll
c:\windows\system32\drivers\c6da6cc3.sys
c:\windows\system32\ext
c:\windows\system32\ext\php_bz2.dll
c:\windows\system32\ext\php_cpdf.dll
c:\windows\system32\ext\php_curl.dll
c:\windows\system32\ext\php_dba.dll
c:\windows\system32\ext\php_dbase.dll
c:\windows\system32\ext\php_dbx.dll
c:\windows\system32\ext\php_dio.dll
c:\windows\system32\ext\php_exif.dll
c:\windows\system32\ext\php_fdf.dll
c:\windows\system32\ext\php_filepro.dll
c:\windows\system32\ext\php_gd2.dll
c:\windows\system32\ext\php_gettext.dll
c:\windows\system32\ext\php_ifx.dll
c:\windows\system32\ext\php_imap.dll
c:\windows\system32\ext\php_interbase.dll
c:\windows\system32\ext\php_ldap.dll
c:\windows\system32\ext\php_mbstring.dll
c:\windows\system32\ext\php_mcrypt.dll
c:\windows\system32\ext\php_mhash.dll
c:\windows\system32\ext\php_mime_magic.dll
c:\windows\system32\ext\php_ming.dll
c:\windows\system32\ext\php_msql.dll
c:\windows\system32\ext\php_mssql.dll
c:\windows\system32\ext\php_mysql.dll
c:\windows\system32\ext\php_mysqli.dll
c:\windows\system32\ext\php_oci8.dll
c:\windows\system32\ext\php_openssl.dll
c:\windows\system32\ext\php_oracle.dll
c:\windows\system32\ext\php_pgsql.dll
c:\windows\system32\ext\php_pspell.dll
c:\windows\system32\ext\php_shmop.dll
c:\windows\system32\ext\php_snmp.dll
c:\windows\system32\ext\php_soap.dll
c:\windows\system32\ext\php_sockets.dll
c:\windows\system32\ext\php_sybase_ct.dll
c:\windows\system32\ext\php_tidy.dll
c:\windows\system32\ext\php_xmlrpc.dll
c:\windows\system32\ext\php_xsl.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\Install.txt
c:\windows\system32\lsprst7.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_c6da6cc3
((((((((((((((((((((((((( Pliki utworzone od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- C:\dfe8aaea5150a9648861b76f905f9083
2010-02-10 21:45 . 2010-02-10 21:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-10 20:05 . 2010-02-10 20:42 -------- d--h--w- c:\windows$hf_mig$
2010-01-30 20:37 . 2010-01-30 20:37 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-01-30 20:30 . 2010-01-30 20:33 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\CTdeveloping
2010-01-26 10:54 . 2004-08-03 23:43 97280 ----a-w- c:\windows\system32\dllcache\dpcdll.dll
2010-01-26 10:46 . 2004-08-03 23:44 79872 ----a-w- c:\windows\system32\nslookup.exe
2010-01-26 10:34 . 2010-01-26 10:34 -------- d-----w- c:\program files\Windows Resource Kits
2010-01-26 10:14 . 2006-10-19 12:33 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-26 10:05 . 2004-08-03 22:00 71040 ------w- c:\windows\system32\drivers_003311_.tmp.dll
2010-01-24 10:51 . 2010-01-24 11:19 -------- d-----w- c:\program files\RegCleaner
2010-01-20 18:39 . 2010-01-20 18:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-20 18:34 . 2010-01-20 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Norton
2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Symantec
2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NortonInstaller
2010-01-20 18:33 . 2010-01-20 18:33 -------- d-----w- c:\windows\system32\Adobe
2010-01-14 15:53 . 2004-08-03 22:00 71040 ------w- c:\windows\system32\drivers_003302_.tmp.dll
2010-01-13 19:00 . 2001-08-18 05:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-01-13 19:00 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-13 19:00 . 2001-08-18 05:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-13 19:00 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-01-13 19:00 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-01-13 19:00 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-01-13 19:00 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-01-13 19:00 . 2001-08-17 21:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-01-13 19:00 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 19:59 . 2008-01-24 19:06 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Tlen.pl
2010-01-30 12:20 . 2008-01-31 18:03 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Skype
2010-01-30 12:14 . 2008-01-31 18:05 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\skypePM
2010-01-26 14:03 . 2009-11-24 14:37 165232 ---ha-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll
2010-01-22 19:07 . 2010-01-08 18:59 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\ipla
2010-01-21 15:25 . 2010-01-08 18:58 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-20 19:33 . 2009-09-17 19:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\OpenFM
2010-01-13 13:31 . 2009-12-21 13:22 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\MSN6
2010-01-12 10:49 . 2008-03-07 11:33 -------- d-----w- c:\program files\SPSS
2010-01-11 11:51 . 2001-10-26 16:15 50428 ----a-w- c:\windows\system32\perfc015.dat
2010-01-11 11:51 . 2001-10-26 16:15 357506 ----a-w- c:\windows\system32\perfh015.dat
2010-01-10 12:57 . 2010-01-10 12:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\nView_Profiles
2010-01-09 18:49 . 2007-12-27 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 18:48 . 2010-01-09 18:48 -------- d-----w- c:\program files\PowerQuest
2010-01-08 18:59 . 2010-01-08 18:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ipla
2010-01-08 18:59 . 2010-01-08 18:59 -------- d-----w- c:\program files\ipla
2010-01-08 18:59 . 2010-01-08 18:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-08 18:58 . 2010-01-08 18:58 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10
2009-12-21 13:51 . 2008-06-21 07:26 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 13:47 . 2008-01-24 19:18 -------- d-----w- c:\program files\Google
2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll
2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll
2009-12-21 13:38 . 2008-01-28 08:30 -------- d-----w- c:\program files\eMule
2009-12-21 13:38 . 2008-01-24 20:00 -------- d-----w- c:\program files\Drumsite
2009-12-21 13:36 . 2009-06-11 19:01 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 13:36 . 2008-01-24 19:47 -------- d-----w- c:\program files\VstPlugins
2009-12-21 13:22 . 2009-12-21 13:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\MSN6
2009-12-21 13:20 . 2009-12-21 13:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\FLEXnet
2009-12-21 13:14 . 2009-12-21 13:12 -------- d-----w- c:\program files\Quintessential Media Player
2009-12-21 12:54 . 2009-01-04 18:25 -------- d-----w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Hamachi
2009-12-07 21:34 . 2009-05-21 09:55 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-20 20:05 . 2008-01-24 18:58 24144 ----a-w- c:\documents and settings\jurek.JUREK-93UIIEWBA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-14 22:45 . 2009-06-20 18:16 19648 ---ha-w- c:\windows\system32\mlfcache.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-04-23 2165536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\HEROES3\Death\Heroes3.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Program Files\HEROES3\BLADE\h3blade.exe"=
"c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"=
"c:\Program Files\Gadu-Gadu 10\gg.exe"=
"c:\WINDOWS\system32\mmc.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3182:TCP"= 3182:TCP:ezkwt
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-04-10 685816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-21 108289]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-26 33792]
S2 fyzwsqqgw;Image Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fyzwsqqgw
.
Zawartość folderu ‘Zaplanowane zadania’
2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=019
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {fc11a119-c2f7-46f4-9e32-937aba26816e} - file://d:\ra\CdViewer.cab
FF - ProfilePath - c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Mozilla\Firefox\Profiles\4zdh0c9s.default\
FF - prefs.js: browser.startup.homepage - onet.pl
FF - plugin: c:\documents and settings\jurek.JUREK-93UIIEWBA\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - - - -
BHO-{5E2402A0-5F99-4188-B30D-D8743996B340} - (no file)
Notify-dimsntfy - (no file)
AddRemove-Native Instruments - Rig Kontrol 3 Driver - c:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 23:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll UNKNOWN [0x86FD21E8]
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk - CLASSPNP.SYS @ 0xf75effc3
\Driver\ACPI - ACPI.sys @ 0xf737fcb8
\Driver\atapi - 0x86fd21e8
IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c
ParseProcedure - ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c
ParseProcedure - ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - SendCompleteHandler - NDIS.sys @ 0xf721eba0
PacketIndicateHandler - NDIS.sys @ 0xf722bb21
SendHandler - NDIS.sys @ 0xf720987b
Warning: possible MBR rootkit infection !
user kernel MBR OK
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - ‘explorer.exe’(2832) - - - - -
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-10 23:08:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-10 22:08
Przed: 175 179 288 576 bajtów wolnych
Po: 178 642 087 936 bajtów wolnych
- - End Of File - - 491577F4EA30DBFD16744A863330A1E2
What should I do now?
Request for help