win32/drivers/wrvkgg.sys: Avast keeps flagging this virus for me.
I used ComboFix, which immediately deleted one virus that was posing as an antivirus, called Dr.Guard, but I did not get rid of the virus in system32.
Please help, here is the scan from ComboFix (what should I copy into that Notepad and drag over, please?). One more problem: I don't have ComboFix on the desktop, I mean the red icon with the cross. Why wasn't it created? Thanks in advance.
ComboFix 10-03-09.04 - Evicka 10.03.2010 0:18.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1515 [GMT 1:00]
Running from: c:\documents and settings\Evicka\My Documents\Downloads\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Evicka\Application Data\avdrn.dat
c:\documents and settings\Evicka\csrss.exe
c:\program files\Dr. Guard
c:\program files\Dr. Guard\about.ico
c:\program files\Dr. Guard\activate.ico
c:\program files\Dr. Guard\buy.ico
c:\program files\Dr. Guard\drg.db
c:\program files\Dr. Guard\drgext.dll
c:\program files\Dr. Guard\drghook.dll
c:\program files\Dr. Guard\drguard.exe
c:\program files\Dr. Guard\help.ico
c:\program files\Dr. Guard\scan.ico
c:\program files\Dr. Guard\settings.ico
c:\program files\Dr. Guard\splash.mp3
c:\program files\Dr. Guard\uninstall.exe
c:\program files\Dr. Guard\update.ico
c:\program files\Dr. Guard\virus.mp3
c:\recycler\S-1-5-21-1763852866-4686143981-333433586-1169
c:\windows\system32\Config.ini
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy__VOIDgewtiqmird
-------\Service__VOIDgewtiqmird
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-09 16:24 . 2008-04-13 23:13 14208 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
2010-03-09 16:24 . 2008-04-13 23:13 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys
2010-03-09 15:20 . 2010-03-09 23:14 4716 ----a-w- c:\documents and settings\All Users\Application Data\fiosejgfse.dll
2010-03-09 13:15 . 2010-03-09 13:17 -------- d-----w- c:\windows\_VOIDgewtiqmird
2010-03-09 13:15 . 2010-03-09 23:23 823296 ----a-w- c:\windows\system32\drivers\wrvkgg.sys
2010-03-08 21:32 . 2010-03-08 21:32 -------- d-----w- c:\documents and settings\Evicka\Application Data\CyberLink
2010-03-08 21:28 . 2010-03-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-08 21:27 . 2010-03-08 21:27 -------- d-----w- c:\program files\CyberLink
2010-03-07 18:12 . 2010-03-07 18:12 -------- d-----w- c:\documents and settings\Evicka\Application Data\PlayFirst
2010-03-07 18:12 . 2010-03-07 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-06 19:02 . 2010-03-06 19:02 -------- d-----w- c:\documents and settings\Evicka\Application Data\Total Eclipse
2010-03-05 17:39 . 2010-03-05 17:40 -------- d-----w- c:\program files\AutoCAD 2008
2010-03-05 17:39 . 2010-03-05 17:40 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-05 17:39 . 2010-03-05 17:39 -------- d-----w- c:\program files\Autodesk
2010-03-02 20:36 . 2010-03-02 20:36 -------- d-----w- c:\documents and settings\Evicka\Application Data\Imagenomic
2010-03-02 20:33 . 2010-03-02 20:46 -------- d-----w- c:\program files\Imagenomic
2010-02-21 10:45 . 2010-02-21 10:45 -------- d-----w- c:\documents and settings\Evicka\Application Data\MAGIX
2010-02-21 10:45 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-02-21 10:45 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-21 10:43 . 2010-02-21 11:31 -------- d-----w- c:\program files\MAGIX
2010-02-21 10:43 . 2007-04-27 09:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-02-21 10:43 . 2010-02-21 11:28 -------- d-----w- c:\program files\Common Files\MAGIX Services
2010-02-15 20:21 . 2010-02-15 20:21 -------- d-----w- c:\program files\NCH Software
2010-02-15 20:11 . 2010-02-15 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-14 19:52 . 2010-02-14 19:53 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:27 . 2009-11-19 13:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 21:27 . 2009-11-19 13:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-07 22:35 . 2009-11-28 09:36 -------- d-----w- c:\documents and settings\Evicka\Application Data\Skype
2010-03-07 15:00 . 2009-11-28 09:18 -------- d-----w- c:\documents and settings\Evicka\Application Data\skypePM
2010-03-06 10:16 . 2009-12-20 12:27 -------- d-----w- c:\documents and settings\Evicka\Application Data\CameraWindowDC
2010-03-06 10:13 . 2009-11-19 18:05 -------- d-----w- c:\documents and settings\Evicka\Application Data\ZoomBrowser EX
2010-03-05 17:41 . 2009-12-28 15:29 112632 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-05 17:28 . 2009-11-20 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-02-21 11:31 . 2010-02-21 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-02-15 20:21 . 2010-02-15 20:21 -------- d-----w- c:\program files\NCH Software
2010-02-15 20:16 . 2009-11-18 22:38 -------- d-----w- c:\program files\totalcmd
2010-01-22 15:42 . 2010-01-22 15:42 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-22 15:41 . 2010-01-22 15:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 23:07 . 2010-01-15 23:05 152576 ----a-w- c:\documents and settings\Evicka\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-15 23:07 . 2010-01-15 23:05 79488 ----a-w- c:\documents and settings\Evicka\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-15 23:05 . 2010-01-15 23:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 23:05 . 2010-01-15 23:05 -------- d-----w- c:\program files\Java
2010-01-13 18:50 . 2009-11-20 11:58 -------- d-----w- c:\documents and settings\Evicka\Application Data\Autodesk
2009-12-23 20:29 . 2009-12-23 20:29 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-21 15:16 . 2009-12-21 15:16 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
.
------- Sigcheck -------
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-15 149280]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-08 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.11.2009 23:45 691696]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - wrvkgg
.
Contents of the 'Scheduled Tasks' folder
2010-03-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-26 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Dr. Guard - c:\program files\Dr. Guard\drguard.exe
ActiveSetup-{ML366YO1-822O-4T68-3788-25122INYJ0X7} - C:\WinUpdate.exe.exe
AddRemove-Dr. Guard - c:\program files\Dr. Guard\Uninstall.exe
AddRemove-Heroes of Hellas 2 Olympia RebelMan - c:\program files\Heroes of Hellas 2 Olympia\Uninstall.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wrvkgg]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(572)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-10 00:25:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 23:25
Pre-Run: 28 184 047 616 bytes free
Post-Run: 28 077 469 696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
- - End Of File - - A3432C86AA620FF0E7278591ECA5440F