Hidden drivers and some strange viruses


(Tibia797) #1

Hello, could you check my logs? AVG keeps detecting some viruses and hidden drivers;

whatever I remove, it all comes back again...

combofix - logs

http://wklej.org/id/31326/

ComboFix 08-12-23.01 - krzysiek 2008-12-24 10:14:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.235 [GMT 1:00]

Uruchomiony z: c:\documents and settings\krzysiek\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_AVG

((((((((((((((((((((((((( Pliki utworzone od 2008-11-24 do 2008-12-24 )))))))))))))))))))))))))))))))

.

2008-12-20 11:25 . 2008-12-24 10:07

2008-12-20 11:15 . 2008-12-24 10:16

2008-12-20 11:15 . 2008-12-20 11:15

2008-12-20 11:15 . 2008-12-20 11:15

2008-12-20 11:15 . 2008-12-24 10:09

2008-12-20 11:15 . 2008-12-20 11:15 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-12-20 11:15 . 2008-12-20 11:15 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2008-12-20 11:15 . 2008-12-20 11:15 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2008-12-20 11:15 . 2008-12-20 11:15 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-12-20 10:35 . 2008-12-20 10:35

2008-12-20 09:38 . 2008-12-20 09:38

2008-12-20 09:38 . 2008-12-20 09:38

2008-12-20 09:38 . 2008-12-20 09:40

2008-12-20 07:41 . 2008-12-20 10:21

2008-12-16 23:59 . 2007-05-02 11:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys

2008-12-16 23:59 . 2007-05-02 11:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys

2008-12-16 23:59 . 2007-05-02 11:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys

2008-12-16 23:59 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys

2008-12-16 23:59 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys

2008-12-16 23:59 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys

2008-12-16 23:59 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys

2008-12-16 23:58 . 2008-12-16 23:59

2008-12-16 23:58 . 2008-12-16 23:58

2008-12-16 23:58 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico

2008-12-16 18:21 . 2008-12-16 18:21

2008-12-16 18:21 . 2008-12-16 18:21 0 --a------ c:\windows\DXT93.tmp

2008-12-16 18:21 . 2008-12-16 18:21 0 --a------ c:\windows\DXT92.tmp

2008-12-16 18:21 . 2008-12-16 18:21 0 --a------ c:\windows\DXT91.tmp

2008-12-16 18:19 . 2008-12-16 18:21

2008-12-16 18:10 . 2008-12-16 18:10 4,096 --a------ c:\windows\d3dx.dat

2008-12-16 17:46 . 2008-12-16 17:46

2008-12-16 17:41 . 2008-12-16 17:41

2008-12-16 17:41 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe

2008-12-15 16:26 . 2008-12-15 16:26

2008-12-13 20:14 . 2008-12-16 18:46

2008-12-13 18:34 . 2008-12-13 18:41 851 --a------ c:\windows\aoxppr.ini

2008-12-09 19:49 . 2008-12-09 19:49

2008-12-09 19:48 . 2008-12-09 19:48

2008-12-07 18:17 . 2008-12-11 19:30 48 --a------ c:\windows\EL0103.dat

2008-12-07 18:14 . 2008-12-07 18:17

2008-12-02 21:30 . 2008-12-24 10:17

2008-12-02 21:26 . 2008-12-02 21:26

2008-12-01 13:53 . 2008-12-01 13:53 2,582,554 --a------ c:\windows\system32\waco muza.wav

2008-11-25 09:24 . 2005-07-22 19:59 2,319,568 --a------ c:\windows\d3dx9_27.dll

2008-11-24 21:47 . 2005-06-24 16:24 438,272 -ra------ c:\windows\system32\vp6vfw.dll

2008-11-24 21:47 . 2004-12-10 09:06 327,680 --a------ c:\windows\system32\vp6dec.ax

2008-11-24 20:28 . 2008-11-24 20:28

2008-11-24 20:20 . 2008-11-24 20:20

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-21 09:40 --------- d-----w c:\program files\Common Files\Softwin

2008-12-20 10:19 81,984 ----a-w c:\windows\system32\bdod.bin

2008-12-16 22:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-14 18:43 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2008-12-14 12:04 --------- d-----w c:\documents and settings\krzysiek\Dane aplikacji\Tibia

2008-12-13 19:13 --------- d-----w c:\program files\Tibia

2008-12-10 20:10 --------- d-----w c:\program files\Common Files\Adobe

2008-11-17 17:42 --------- d-----w c:\program files\Firefly Studios

2008-11-15 15:47 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:47 --------- d-----w c:\program files\Java

2008-11-15 11:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\POP3Profiles

2008-11-10 20:31 --------- d-----w c:\documents and settings\krzysiek\Dane aplikacji\Media Player Classic

2008-11-09 20:12 --------- d-----w c:\program files\Real Alternative

2008-11-09 20:12 --------- d-----w c:\program files\QT Lite

2008-11-09 20:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2008-11-09 20:10 --------- d-----w c:\program files\K-Lite Codec Pack

2008-11-08 17:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles

2008-11-08 09:00 --------- d-----w c:\documents and settings\krzysiek\Dane aplikacji\Ubisoft

2008-11-08 09:00 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft

2008-11-08 08:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-08 08:39 --------- d-----w c:\documents and settings\krzysiek\Dane aplikacji\DAEMON Tools

2008-11-06 14:34 --------- d-----w c:\program files\MarBit

2008-11-05 07:31 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-11-05 07:31 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-05 07:31 143,096 ----a-w c:\windows\system32\guard32.dll

2008-11-02 21:38 --------- d-----w c:\program files\ElfBot NG

2008-10-26 20:35 --------- d-----w c:\documents and settings\krzysiek\Dane aplikacji\Gadu-Gadu

2008-10-20 20:22 249,592 ----a-w c:\windows\system32\cssdll32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2008-12-18 3940864]

"ares"="c:\program files\Ares\Ares.exe" [2008-11-24 881152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-02 5427200]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-02 86016]

"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 278528]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-05 1797880]

"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-05 1797880]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1601304]

"nwiz"="nwiz.exe" [2004-12-02 c:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\krzysiek\Menu Start\Programy\Autostart\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2008-10-20 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2008-12-20 11:15 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"e:\Stronghold Crusader\Stronghold Crusader.exe"=

"c:\WINDOWS\system32\dplaysvr.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\WapSter\WapSter AQQ\AQQ.exe"=

"c:\Program Files\Ares\Ares.exe"=

"c:\Program Files\AVG\AVG8\avgam.exe"=

"c:\Program Files\AVG\AVG8\avgemc.exe"=

"c:\Program Files\AVG\AVG8\avgupd.exe"=

"c:\Program Files\AVG\AVG8\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-20 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-20 324872]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-20 107272]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-10-21 99856]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-21 31504]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 298264]

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2008-10-20 208851]

R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2008-10-20 10324]

R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2008-10-20 34789]

R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2008-10-20 9446]

S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-20 903960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5aa54717-b2f2-11dd-994f-000feae31fe9}]

\Shell\AutoRun\command - g:\autorun\UbiAutorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7f787592-b2f7-11dd-9951-000feae31fe9}]

\Shell\AutoRun\command - g:\autorun\UbiAutorun.exe

.

.

------- Skan uzupełniający -------

.

FF - ProfilePath - c:\documents and settings\krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\7qhbljt8.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-24 10:17:45

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\OpenOffice.org 2.4\program\soffice.exe

c:\program files\OpenOffice.org 2.4\program\soffice.bin

c:\program files\COMODO\Firewall\cmdagent.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-24 10:29:36 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-12-24 09:29:29

Przed: 9 453 096 960 bajtów wolnych

Po: 10,117,144,576 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207

hijackthis - logs

http://wklej.org/id/31327/

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:38:23, on 2008-12-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\krzysiek\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe

O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 4973 bytes


(Kambor4) #2

Delete those files "without a size".

No active infection is visible in the logs.

I don't know why ComboFix was removing the Service of your AVG antivirus. :expressionless:

Manually delete the folder C:**** Qoobox,

Delete the ComboFix installer from the disk.

Optimize the autostart entries

Clean the computer with CCleaner

Turn System Restore off and back on for all drives. Instructions

Scan with this: Dr.WEB CureIt! .

===========

K.