Hello, I have the following problem: my computer has been infected with a common and little-known virus called Win32/Virut. It is unbearable; NOD32 keeps flooding me with messages about newly detected threats.
My quarantine is clogged with new files with the .exe extension.
I would ask you for quick and good help, and I would not want this to end with a format. I am posting the logs from HiJack This and from RSIT.
HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:35, on 2009-07-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
D:\Programy\Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\Naprawcze\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\user\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BXKQVUAH - Sysinternals - www.sysinternals.com - C:\Users\user\AppData\Local\Temp\BXKQVUAH.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TWRNLXT - Sysinternals - www.sysinternals.com - C:\Users\user\AppData\Local\Temp\TWRNLXT.exe
O23 - Service: World Market Watch, Inc.: 3D Mailbox update permissions manager. 711225. - Unknown owner - D:\Gry\3D Mailbox\3DMailbox_AUTool.exe (file missing)
--
End of file - 3320 bytes
RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-07-08 08:52:05
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 36 GB (70%) free of 51 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:09, on 2009-07-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
D:\Programy\Firefox\firefox.exe
C:\Users\user\Desktop\Naprawcze\RSIT.exe
C:\Program Files\trend micro\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\user\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BXKQVUAH - Sysinternals - www.sysinternals.com - C:\Users\user\AppData\Local\Temp\BXKQVUAH.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TWRNLXT - Sysinternals - www.sysinternals.com - C:\Users\user\AppData\Local\Temp\TWRNLXT.exe
O23 - Service: World Market Watch, Inc.: 3D Mailbox update permissions manager. 711225. - Unknown owner - D:\Gry\3D Mailbox\3DMailbox_AUTool.exe (file missing)
--
End of file - 3352 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{AC133D09-6D0E-4CFA-87D3-D54729743463}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Users\user\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-28 42088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4935680]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1847296]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-11 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-11 92704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"sysldtray"=c:\windows\ld12.exe [2009-07-08 17920]
"pp"=c:\windows\pp10.exe [2009-07-08 38400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 222208]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-07-08 08:52:05 ----D---- C:\rsit
2009-07-08 08:40:22 ----D---- C:\Qoobox
2009-07-08 08:40:21 ----A---- C:\Bug.txt
2009-07-08 08:34:59 ----H---- C:\Windows\pp10.exe
2009-07-08 08:34:54 ----A---- C:\Windows\ld12.exe
2009-07-08 08:34:54 ----A---- C:\Windows\567788.bat
2009-07-07 13:33:01 ----D---- C:\ProgramData\is-8SIPE
2009-07-07 12:23:59 ----D---- C:\Program Files\trend micro
2009-07-07 11:28:28 ----SHD---- C:\Windows\system32\%APPDATA%
2009-07-06 12:33:24 ----D---- C:\Users\user\AppData\Roaming\SAM
2009-07-05 13:58:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-05 13:44:35 ----D---- C:\Program Files\Lavasoft
2009-07-04 21:24:54 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-04 21:13:18 ----D---- C:\Program Files\Samsung
2009-07-03 19:16:07 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-03 13:59:44 ----A---- C:\Windows\system32\CNCS32.DLL
2009-06-30 17:35:18 ----D---- C:\Users\user\AppData\Roaming\Mozilla
2009-06-30 15:48:36 ----D---- C:\Users\user\AppData\Roaming\Malwarebytes
2009-06-30 15:48:32 ----D---- C:\ProgramData\Malwarebytes
2009-06-29 15:27:02 ----D---- C:\Program Files\Microsoft.NET
2009-06-29 15:26:39 ----D---- C:\Program Files\Microsoft SDKs
2009-06-28 18:14:38 ----A---- C:\Windows\ezmacros.INI
2009-06-28 18:14:29 ----A---- C:\Windows\amuninst.exe
2009-06-28 11:47:25 ----A---- C:\Windows\_MSRSTRT.EXE
2009-06-27 19:05:07 ----D---- C:\Users\user\AppData\Roaming\gtk-2.0
2009-06-26 18:16:01 ----D---- C:\Users\user\AppData\Roaming\FastStone
2009-06-26 10:35:33 ----D---- C:\Program Files\VistaCodecPack
2009-06-26 10:29:08 ----D---- C:\ProgramData\VistaCodecs
2009-06-25 22:05:17 ----A---- C:\Windows\system32\atl71.dll
2009-06-25 22:05:17 ----A---- C:\Windows\system32\ATL70.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MSVCI70.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71u.dll
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71KOR.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71JPN.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71ITA.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71FRA.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71ESP.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71ENU.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71DEU.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71CHT.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC71CHS.DLL
2009-06-25 22:01:02 ----A---- C:\Windows\system32\MFC70U.DLL
2009-06-25 21:59:45 ----D---- C:\ProgramData\Pinnacle
2009-06-23 14:14:56 ----A---- C:\Windows\system32\libCON.dll
2009-06-23 11:24:44 ----D---- C:\Users\user\AppData\Roaming\3DMailbox
2009-06-23 11:23:15 ----A---- C:\Windows\system32\msvcr71.dll
2009-06-23 11:23:15 ----A---- C:\Windows\system32\msvcp71.dll
2009-06-23 11:23:15 ----A---- C:\Windows\system32\mfc71.dll
2009-06-22 18:18:08 ----D---- C:\ProgramData\Enkord
2009-06-21 10:36:08 ----D---- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2009-06-18 17:35:41 ----D---- C:\Users\user\AppData\Roaming\Publish Providers
2009-06-18 17:34:20 ----D---- C:\Users\user\AppData\Roaming\Sony
2009-06-18 17:31:51 ----D---- C:\ProgramData\Sony
2009-06-17 13:35:30 ----D---- C:\Users\user\AppData\Roaming\Clickteam
2009-06-17 13:34:28 ----D---- C:\Windows\system32\EventProviders
2009-06-16 19:07:39 ----D---- C:\Windows\pss
2009-06-15 22:20:37 ----D---- C:\ProgramData\25DE
2009-06-15 17:24:38 ----D---- C:\ProgramData\Electronic Arts
2009-06-14 17:13:20 ----A---- C:\Windows\wininit.ini
2009-06-14 13:24:36 ----A---- C:\ProgramData\mwmmgr.txt
2009-06-13 18:47:56 ----D---- C:\ProgramData\Google
2009-06-13 14:25:08 ----D---- C:\Windows\system32\CatRoot_bak
2009-06-13 13:36:32 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-13 12:37:24 ----N---- C:\Windows\Setup1.exe
2009-06-13 12:37:24 ----A---- C:\Windows\ST6UNST.EXE
2009-06-11 21:23:05 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 21:22:59 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 21:22:57 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 21:22:57 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 21:22:56 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 21:22:55 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 21:22:55 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 21:22:55 ----A---- C:\Windows\system32\ieui.dll
2009-06-11 21:22:55 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 21:22:55 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-11 21:22:54 ----A---- C:\Windows\system32\iesetup.dll
2009-06-11 21:22:54 ----A---- C:\Windows\system32\iernonce.dll
2009-06-11 21:22:42 ----A---- C:\Windows\system32\rpcrt4.dll
======List of files/folders modified in the last 1 months======
2009-07-08 08:52:07 ----D---- C:\Windows\temp
2009-07-08 08:52:03 ----D---- C:\Windows\Prefetch
2009-07-08 08:43:01 ----D---- C:\Windows\System32
2009-07-08 08:39:01 ----D---- C:\Windows\inf
2009-07-08 08:39:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-08 08:34:59 ----D---- C:\Windows
2009-07-07 22:30:38 ----D---- C:\Windows\Minidump
2009-07-07 22:06:31 ----D---- C:\Program Files\Windows Media Player
2009-07-07 21:22:29 ----D---- C:\Windows\DigitalLocker
2009-07-07 13:43:22 ----D---- C:\Windows\winsxs
2009-07-07 13:35:49 ----D---- C:\Windows\system32\drivers
2009-07-07 13:33:01 ----HD---- C:\ProgramData
2009-07-07 13:28:58 ----D---- C:\Users\user\AppData\Roaming\Skype
2009-07-07 12:50:20 ----SHD---- C:\System Volume Information
2009-07-07 12:40:13 ----D---- C:\Users\user\AppData\Roaming\skypePM
2009-07-07 12:23:59 ----RD---- C:\Program Files
2009-07-07 12:08:39 ----D---- C:\Windows\system32\catroot2
2009-07-07 12:08:39 ----D---- C:\Windows\system32\catroot
2009-07-07 10:46:01 ----D---- C:\Windows\Tasks
2009-07-07 10:42:34 ----D---- C:\Windows\system32\Tasks
2009-07-06 19:35:41 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2009-07-06 18:22:36 ----SHD---- C:\Windows\Installer
2009-07-06 18:20:37 ----D---- C:\Users\user\AppData\Roaming\uTorrent
2009-07-06 14:41:03 ----D---- C:\Users\user\AppData\Roaming\Hamachi
2009-07-06 13:00:20 ----D---- C:\Program Files\Common Files\Steam
2009-07-05 19:21:24 ----D---- C:\Program Files\Common Files
2009-07-05 19:21:20 ----D---- C:\ProgramData\Lavasoft
2009-07-05 15:36:07 ----D---- C:\Users\user\AppData\Roaming\Samsung
2009-07-03 19:22:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-03 19:21:08 ----RSD---- C:\Windows\assembly
2009-07-03 13:59:53 ----D---- C:\Windows\Registration
2009-07-03 07:44:41 ----D---- C:\Windows\Microsoft.NET
2009-07-02 12:11:29 ----SD---- C:\Windows\Downloaded Program Files
2009-06-30 19:13:24 ----SHD---- C:\$RECYCLE.BIN
2009-06-30 18:22:07 ----A---- C:\Windows\win.ini
2009-06-29 19:44:52 ----SD---- C:\ProgramData\Microsoft
2009-06-29 19:38:57 ----D---- C:\ProgramData\Downloaded Installations
2009-06-29 19:14:49 ----D---- C:\Users\user\AppData\Roaming\Nokia
2009-06-29 15:29:35 ----D---- C:\ProgramData\Microsoft Help
2009-06-29 15:27:05 ----D---- C:\Program Files\Common Files\microsoft shared
2009-06-28 16:05:34 ----A---- C:\Windows\system32\deploytk.dll
2009-06-28 15:47:17 ----D---- C:\Users\user\AppData\Roaming\Dev-Cpp
2009-06-26 10:30:17 ----RSD---- C:\Windows\Fonts
2009-06-25 17:19:13 ----D---- C:\Program Files\Internet Explorer
2009-06-22 17:10:18 ----D---- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2009-06-22 13:32:12 ----SD---- C:\Users\user\AppData\Roaming\Microsoft
2009-06-22 10:33:21 ----RD---- C:\Users
2009-06-19 13:55:59 ----D---- C:\ProgramData\eMule
2009-06-13 14:25:08 ----D---- C:\Windows\Debug
2009-06-12 21:43:19 ----D---- C:\Windows\system32\directx
2009-06-12 10:36:11 ----D---- C:\Windows\system32\migration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2002-03-19 14165]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 278984]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-11 7373568]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 catchme;catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-16 8059]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-07-02 25280]
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 ndiscm;Motorola USB Cable Modem Windows Driver; C:\Windows\system32\DRIVERS\NetMotCM.sys [2003-08-10 14336]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-11 196608]
S2 World Market Watch, Inc.: 3D Mailbox update permissions manager. 711225.;World Market Watch, Inc.: 3D Mailbox update permissions manager. 711225.; D:\Gry\3D Mailbox\3DMailbox_AUTool.exe -PermissionManagerRun []
S3 BXKQVUAH;BXKQVUAH; C:\Users\user\AppData\Local\Temp\BXKQVUAH.exe [2009-07-06 490368]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-06 316664]
S3 TWRNLXT;TWRNLXT; C:\Users\user\AppData\Local\Temp\TWRNLXT.exe [2009-07-06 379776]
-----------------EOF-----------------
I will remind you that ComboFix does not want to start even under a changed name, and when I run it as Administrator an error pops up saying that I do not have the latest version of ComboFix, that scanning may be dangerous, and that my computer is infected with Virut.
So I downloaded the latest ComboFix, but the same message appears again. I downloaded it from the author's website.
Dr. Web CureIt! detects nothing, and neither does Spybot or MBAM.