Kaldata.com - Forums


Computer infected with TR/Rootkit.Gen2 and/or TR/sirefef.BP.1 [SOLVED]


Hello. For several days I have been fighting TR/Rootkit.Gen2 and/or TR/sirefef.BP.1. At first my antivirus program showed a message about files in the system32 folder infected with TR/sirefef.BP.1. I gave my computer to a person from a support company, who said he had cleaned everything and had found 13 problems in total. But two days later the antivirus program started reporting a file infected with TR/Rootkit.Gen2 in system32\drivers\mrxsmb.sys.

I did several of the things described in this thread: http://www.kaldata.com/forums/index.php?showtopic=192269

Here is the log from TDSSKiller:

17:07:14.0593 4968 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

17:07:14.0843 4968 ============================================================

17:07:14.0843 4968 Current date / time: 2012/03/17 17:07:14.0843

17:07:14.0843 4968 SystemInfo:

17:07:14.0843 4968

17:07:14.0843 4968 OS Version: 5.1.2600 ServicePack: 2.0

17:07:14.0843 4968 Product type: Workstation

17:07:14.0843 4968 ComputerName: YOUR-C687F5AB37

17:07:14.0843 4968 UserName: Juliana

17:07:14.0843 4968 Windows directory: C:\WINDOWS

17:07:14.0843 4968 System windows directory: C:\WINDOWS

17:07:14.0843 4968 Processor architecture: Intel x86

17:07:14.0843 4968 Number of processors: 1

17:07:14.0843 4968 Page size: 0x1000

17:07:14.0843 4968 Boot type: Normal boot

17:07:14.0843 4968 ============================================================

17:07:17.0078 4968 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:07:17.0078 4968 Drive \Device\Harddisk1\DR2 - Size: 0x4A5BF00000 (297.44 Gb), SectorSize: 0x200, Cylinders: 0x97AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:07:17.0078 4968 \Device\Harddisk0\DR0:

17:07:17.0093 4968 MBR used

17:07:17.0093 4968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

17:07:17.0109 4968 Initialize success

17:07:17.0109 4968 ============================================================

17:07:46.0375 5604 ============================================================

17:07:46.0375 5604 Scan started

17:07:46.0375 5604 Mode: Manual; SigCheck; TDLFS;

17:07:46.0375 5604 ============================================================

17:07:46.0984 5604 Abiosdsk - ok

17:07:47.0000 5604 abp480n5 - ok

17:07:47.0031 5604 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:07:50.0281 5604 ACPI - ok

17:07:50.0421 5604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:07:50.0593 5604 ACPIEC - ok

17:07:50.0609 5604 adpu160m - ok

17:07:50.0671 5604 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

17:07:51.0093 5604 aec - ok

17:07:51.0156 5604 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

17:07:51.0250 5604 AegisP ( UnsignedFile.Multi.Generic ) - warning

17:07:51.0250 5604 AegisP - detected UnsignedFile.Multi.Generic (1)

17:07:51.0609 5604 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

17:07:51.0703 5604 AFD - ok

17:07:51.0812 5604 AgereSoftModem (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

17:07:51.0968 5604 AgereSoftModem - ok

17:07:52.0093 5604 Aha154x - ok

17:07:52.0109 5604 aic78u2 - ok

17:07:52.0125 5604 aic78xx - ok

17:07:52.0156 5604 AliIde - ok

17:07:52.0171 5604 amsint - ok

17:07:52.0218 5604 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

17:07:52.0875 5604 ApfiltrService - ok

17:07:52.0921 5604 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:07:53.0093 5604 Arp1394 - ok

17:07:53.0109 5604 asc - ok

17:07:53.0125 5604 asc3350p - ok

17:07:53.0140 5604 asc3550 - ok

17:07:53.0187 5604 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:07:53.0343 5604 AsyncMac - ok

17:07:53.0390 5604 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:07:53.0531 5604 atapi - ok

17:07:53.0703 5604 Atdisk - ok

17:07:53.0718 5604 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:07:53.0859 5604 Atmarpc - ok

17:07:53.0890 5604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:07:54.0062 5604 audstub - ok

17:07:54.0156 5604 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

17:07:54.0187 5604 avgio - ok

17:07:54.0203 5604 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

17:07:54.0218 5604 avgntflt - ok

17:07:54.0250 5604 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:07:54.0265 5604 avipbb - ok

17:07:54.0312 5604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:07:54.0437 5604 Beep - ok

17:07:54.0515 5604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:07:54.0656 5604 cbidf2k - ok

17:07:54.0750 5604 cd20xrnt - ok

17:07:54.0812 5604 CdaC15BA (f76cb7259aa575cc53f3996bc6b68c18) C:\WINDOWS\system32\drivers\CDAC15BA.SYS

17:07:54.0828 5604 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning

17:07:54.0828 5604 CdaC15BA - detected UnsignedFile.Multi.Generic (1)

17:07:54.0843 5604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:07:55.0000 5604 Cdaudio - ok

17:07:55.0031 5604 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

17:07:55.0218 5604 Cdfs - ok

17:07:55.0281 5604 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:07:55.0406 5604 Cdrom - ok

17:07:55.0437 5604 Changer - ok

17:07:55.0484 5604 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:07:55.0640 5604 CmBatt - ok

17:07:55.0656 5604 CmdIde - ok

17:07:55.0671 5604 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:07:55.0828 5604 Compbatt - ok

17:07:55.0859 5604 Cpqarray - ok

17:07:55.0890 5604 dac2w2k - ok

17:07:55.0906 5604 dac960nt - ok

17:07:55.0984 5604 dgderdrv (3be1651c63954067940e7f473498ad70) C:\WINDOWS\system32\drivers\dgderdrv.sys

17:07:55.0984 5604 dgderdrv - ok

17:07:56.0078 5604 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

17:07:56.0250 5604 Disk - ok

17:07:56.0359 5604 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

17:07:56.0546 5604 dmboot - ok

17:07:56.0640 5604 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

17:07:56.0796 5604 dmio - ok

17:07:56.0828 5604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:07:57.0000 5604 dmload - ok

17:07:57.0031 5604 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

17:07:57.0171 5604 DMusic - ok

17:07:57.0406 5604 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys

17:07:57.0562 5604 Dot4 - ok

17:07:57.0578 5604 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

17:07:57.0703 5604 Dot4Print - ok

17:07:57.0718 5604 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

17:07:57.0859 5604 dot4usb - ok

17:07:57.0875 5604 dpti2o - ok

17:07:57.0890 5604 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

17:07:58.0031 5604 drmkaud - ok

17:07:58.0062 5604 EMSCR (01857b94bd3f8c99188862d026c925c0) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

17:07:58.0156 5604 EMSCR - ok

17:07:58.0218 5604 ESDCR (5983f3f91487c2a2a514c17245a0e25d) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

17:07:58.0265 5604 ESDCR - ok

17:07:58.0281 5604 ESMCR (1c70a634fe223735cbc75e020b6013fd) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

17:07:58.0343 5604 ESMCR - ok

17:07:58.0468 5604 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

17:07:58.0656 5604 Fastfat - ok

17:07:58.0703 5604 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

17:07:58.0843 5604 Fdc - ok

17:07:58.0890 5604 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

17:07:59.0031 5604 Fips - ok

17:07:59.0078 5604 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:07:59.0250 5604 Flpydisk - ok

17:07:59.0328 5604 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:07:59.0781 5604 FltMgr - ok

17:07:59.0906 5604 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS

17:07:59.0937 5604 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning

17:07:59.0937 5604 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)

17:08:00.0265 5604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:08:00.0437 5604 Fs_Rec - ok

17:08:00.0468 5604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:08:00.0625 5604 Ftdisk - ok

17:08:00.0656 5604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:08:00.0687 5604 GEARAspiWDM - ok

17:08:00.0734 5604 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:08:00.0875 5604 Gpc - ok

17:08:00.0906 5604 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:08:01.0000 5604 HDAudBus - ok

17:08:01.0250 5604 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:08:01.0421 5604 HidUsb - ok

17:08:01.0500 5604 hpn - ok

17:08:01.0609 5604 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys

17:08:01.0687 5604 HTCAND32 - ok

17:08:01.0734 5604 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys

17:08:02.0140 5604 HTTP - ok

17:08:02.0359 5604 i2omgmt - ok

17:08:02.0375 5604 i2omp - ok

17:08:02.0750 5604 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:08:02.0875 5604 i8042prt - ok

17:08:03.0000 5604 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

17:08:03.0140 5604 ialm - ok

17:08:03.0265 5604 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:08:03.0421 5604 Imapi - ok

17:08:03.0515 5604 InCDFs - ok

17:08:03.0531 5604 InCDPass - ok

17:08:03.0546 5604 InCDRm - ok

17:08:03.0578 5604 ini910u - ok

17:08:03.0796 5604 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:08:04.0171 5604 IntcAzAudAddService - ok

17:08:04.0296 5604 IntelIde - ok

17:08:04.0328 5604 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:08:04.0453 5604 intelppm - ok

17:08:04.0484 5604 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:08:04.0625 5604 Ip6Fw - ok

17:08:04.0656 5604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:08:04.0796 5604 IpFilterDriver - ok

17:08:04.0828 5604 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:08:04.0968 5604 IpInIp - ok

17:08:05.0031 5604 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:08:05.0437 5604 IpNat - ok

17:08:05.0500 5604 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:08:05.0671 5604 IPSec - ok

17:08:05.0796 5604 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:08:05.0890 5604 IRENUM - ok

17:08:05.0921 5604 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:08:06.0046 5604 isapnp - ok

17:08:06.0078 5604 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

17:08:06.0140 5604 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

17:08:06.0140 5604 Iviaspi - detected UnsignedFile.Multi.Generic (1)

17:08:06.0171 5604 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:08:06.0296 5604 Kbdclass - ok

17:08:06.0375 5604 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

17:08:06.0765 5604 kmixer - ok

17:08:06.0796 5604 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

17:08:06.0937 5604 KSecDD - ok

17:08:06.0953 5604 lbrtfdc - ok

17:08:07.0015 5604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:08:07.0156 5604 mnmdd - ok

17:08:07.0187 5604 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

17:08:07.0359 5604 Modem - ok

17:08:07.0531 5604 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:08:07.0671 5604 Mouclass - ok

17:08:07.0734 5604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:08:07.0859 5604 mouhid - ok

17:08:07.0890 5604 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

17:08:08.0031 5604 MountMgr - ok

17:08:08.0046 5604 mraid35x - ok

17:08:08.0109 5604 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:08:08.0515 5604 MRxDAV - ok

17:08:08.0640 5604 MRxSmb (1c949c070a2804905ad84f35507d7389) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:12:49.0625 5604 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. md5: 1c949c070a2804905ad84f35507d7389

17:12:49.0640 5604 MRxSmb ( LockedFile.Multi.Generic ) - warning

17:12:49.0640 5604 MRxSmb - detected LockedFile.Multi.Generic (1)

17:12:49.0781 5604 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

17:12:50.0359 5604 Msfs - ok

17:12:50.0468 5604 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:12:50.0687 5604 MSKSSRV - ok

17:12:50.0843 5604 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:12:51.0000 5604 MSPCLOCK - ok

17:12:51.0031 5604 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

17:12:51.0171 5604 MSPQM - ok

17:12:51.0218 5604 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:12:51.0359 5604 mssmbios - ok

17:12:51.0390 5604 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

17:12:51.0562 5604 Mup - ok

17:12:51.0609 5604 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

17:12:51.0765 5604 NDIS - ok

17:12:51.0812 5604 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:12:51.0953 5604 NdisTapi - ok

17:12:51.0968 5604 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:12:52.0421 5604 Ndisuio - ok

17:12:52.0890 5604 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:12:53.0015 5604 NdisWan - ok

17:12:53.0046 5604 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

17:12:53.0187 5604 NDProxy - ok

17:12:53.0250 5604 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys

17:12:53.0265 5604 Netaapl ( UnsignedFile.Multi.Generic ) - warning

17:12:53.0265 5604 Netaapl - detected UnsignedFile.Multi.Generic (1)

17:12:53.0296 5604 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:12:53.0421 5604 NetBIOS - ok

17:12:53.0453 5604 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:12:53.0609 5604 NetBT - ok

17:12:53.0671 5604 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

17:12:53.0703 5604 Netdevio ( UnsignedFile.Multi.Generic ) - warning

17:12:53.0703 5604 Netdevio - detected UnsignedFile.Multi.Generic (1)

17:12:53.0765 5604 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:12:53.0890 5604 NIC1394 - ok

17:12:54.0078 5604 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys

17:12:54.0734 5604 nmwcd - ok

17:12:54.0859 5604 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys

17:12:54.0937 5604 nmwcdc - ok

17:12:54.0968 5604 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

17:12:55.0125 5604 Npfs - ok

17:12:55.0218 5604 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

17:12:55.0718 5604 Ntfs - ok

17:12:55.0765 5604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:12:55.0890 5604 Null - ok

17:12:55.0937 5604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:12:56.0046 5604 NwlnkFlt - ok

17:12:56.0062 5604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:12:56.0203 5604 NwlnkFwd - ok

17:12:56.0234 5604 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:12:56.0359 5604 ohci1394 - ok

17:12:56.0765 5604 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

17:12:56.0984 5604 Parport - ok

17:12:57.0015 5604 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

17:12:57.0156 5604 PartMgr - ok

17:12:57.0187 5604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:12:57.0328 5604 ParVdm - ok

17:12:57.0406 5604 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

17:12:57.0437 5604 pccsmcfd - ok

17:12:57.0578 5604 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

17:12:57.0703 5604 PCI - ok

17:12:57.0718 5604 PCIDump - ok

17:12:57.0734 5604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:12:57.0859 5604 PCIIde - ok

17:12:57.0875 5604 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:12:58.0062 5604 Pcmcia - ok

17:12:58.0109 5604 PDCOMP - ok

17:12:58.0125 5604 PDFRAME - ok

17:12:58.0140 5604 PDRELI - ok

17:12:58.0171 5604 PDRFRAME - ok

17:12:58.0250 5604 perc2 - ok

17:12:58.0265 5604 perc2hib - ok

17:12:58.0312 5604 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

17:12:58.0328 5604 Pfc ( UnsignedFile.Multi.Generic ) - warning

17:12:58.0328 5604 Pfc - detected UnsignedFile.Multi.Generic (1)

17:12:58.0375 5604 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:12:58.0500 5604 PptpMiniport - ok

17:12:58.0515 5604 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

17:12:58.0671 5604 PSched - ok

17:12:58.0703 5604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:12:58.0828 5604 Ptilink - ok

17:12:58.0843 5604 ql1080 - ok

17:12:58.0859 5604 Ql10wnt - ok

17:12:58.0875 5604 ql12160 - ok

17:12:58.0890 5604 ql1240 - ok

17:12:58.0906 5604 ql1280 - ok

17:12:58.0937 5604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:12:59.0078 5604 RasAcd - ok

17:12:59.0156 5604 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:12:59.0343 5604 Rasl2tp - ok

17:12:59.0406 5604 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:12:59.0515 5604 RasPppoe - ok

17:12:59.0531 5604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:12:59.0656 5604 Raspti - ok

17:12:59.0703 5604 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:13:00.0093 5604 Rdbss - ok

17:13:00.0171 5604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:13:00.0296 5604 RDPCDD - ok

17:13:00.0406 5604 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

17:13:00.0781 5604 RDPWD - ok

17:13:00.0812 5604 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:13:00.0968 5604 redbook - ok

17:13:01.0062 5604 RTL8023xp (6bb86099e1b4f9994d4f733f0c9e4c22) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

17:13:01.0078 5604 RTL8023xp - ok

17:13:01.0093 5604 RTLE8023xp (6bb86099e1b4f9994d4f733f0c9e4c22) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

17:13:01.0109 5604 RTLE8023xp - ok

17:13:01.0171 5604 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

17:13:01.0218 5604 s24trans ( UnsignedFile.Multi.Generic ) - warning

17:13:01.0218 5604 s24trans - detected UnsignedFile.Multi.Generic (1)

17:13:01.0281 5604 sdbus (a1ab8355ecf5ace3f2d5a47fc8a231e9) C:\WINDOWS\system32\DRIVERS\sdbus.sys

17:13:01.0687 5604 sdbus - ok

17:13:01.0828 5604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:13:02.0250 5604 Secdrv - ok

17:13:02.0375 5604 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

17:13:02.0812 5604 Serial - ok

17:13:02.0875 5604 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:13:03.0000 5604 Sfloppy - ok

17:13:03.0031 5604 Simbad - ok

17:13:03.0093 5604 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

17:13:03.0109 5604 SmartDefragDriver - ok

17:13:03.0125 5604 Sparrow - ok

17:13:03.0171 5604 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

17:13:03.0578 5604 splitter - ok

17:13:03.0640 5604 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

17:13:03.0750 5604 sr - ok

17:13:04.0015 5604 Srv (7a0111577d8046633d5162a3ce15e9e1) C:\WINDOWS\system32\DRIVERS\srv.sys

17:13:04.0140 5604 Srv - ok

17:13:04.0218 5604 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

17:13:04.0265 5604 ssadbus - ok

17:13:04.0312 5604 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

17:13:04.0328 5604 ssadmdfl - ok

17:13:04.0359 5604 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

17:13:04.0375 5604 ssadmdm - ok

17:13:04.0500 5604 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:13:04.0500 5604 ssmdrv - ok

17:13:04.0546 5604 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:13:04.0671 5604 swenum - ok

17:13:04.0703 5604 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

17:13:04.0890 5604 swmidi - ok

17:13:04.0906 5604 symc810 - ok

17:13:04.0921 5604 symc8xx - ok

17:13:04.0937 5604 sym_hi - ok

17:13:04.0953 5604 sym_u3 - ok

17:13:04.0984 5604 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

17:13:05.0125 5604 sysaudio - ok

17:13:05.0187 5604 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:13:05.0328 5604 Tcpip - ok

17:13:05.0375 5604 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

17:13:05.0390 5604 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning

17:13:05.0390 5604 tdcmdpst - detected UnsignedFile.Multi.Generic (1)

17:13:05.0531 5604 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:13:05.0671 5604 TDPIPE - ok

17:13:05.0703 5604 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

17:13:05.0828 5604 TDTCP - ok

17:13:05.0859 5604 tdudf (eab2ab0ee3605f5588d2b55ec06f2990) C:\WINDOWS\system32\DRIVERS\tdudf.sys

17:13:05.0968 5604 tdudf ( UnsignedFile.Multi.Generic ) - warning

17:13:05.0968 5604 tdudf - detected UnsignedFile.Multi.Generic (1)

17:13:06.0015 5604 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:13:06.0171 5604 TermDD - ok

17:13:06.0218 5604 TosIde - ok

17:13:06.0250 5604 TPwSav (0e1a5af6e6305e6dc7a69b814f35eadd) C:\WINDOWS\system32\Drivers\TPwSav.sys

17:13:06.0265 5604 TPwSav ( UnsignedFile.Multi.Generic ) - warning

17:13:06.0265 5604 TPwSav - detected UnsignedFile.Multi.Generic (1)

17:13:06.0296 5604 Tvs (96a2f44963346e3213e91e84038cd2cc) C:\WINDOWS\system32\DRIVERS\Tvs.sys

17:13:06.0328 5604 Tvs ( UnsignedFile.Multi.Generic ) - warning

17:13:06.0328 5604 Tvs - detected UnsignedFile.Multi.Generic (1)

17:13:06.0343 5604 Udfs (7cef3e36843bf5dd55120fcce88800ce) C:\WINDOWS\system32\drivers\Udfs.sys

17:13:06.0703 5604 Udfs - ok

17:13:06.0718 5604 ultra - ok

17:13:06.0796 5604 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

17:13:07.0218 5604 Update - ok

17:13:07.0578 5604 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:13:07.0703 5604 USBAAPL - ok

17:13:07.0781 5604 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:13:07.0921 5604 usbccgp - ok

17:13:08.0046 5604 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:13:08.0187 5604 usbehci - ok

17:13:08.0218 5604 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:13:08.0359 5604 usbhub - ok

17:13:08.0390 5604 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:13:08.0515 5604 usbscan - ok

17:13:08.0562 5604 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:13:08.0703 5604 USBSTOR - ok

17:13:08.0781 5604 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:13:08.0921 5604 usbuhci - ok

17:13:09.0078 5604 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

17:13:09.0203 5604 usb_rndisx - ok

17:13:09.0343 5604 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

17:13:09.0468 5604 VgaSave - ok

17:13:09.0484 5604 ViaIde - ok

17:13:09.0515 5604 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

17:13:09.0640 5604 VolSnap - ok

17:13:09.0734 5604 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

17:13:09.0859 5604 w39n51 - ok

17:13:10.0031 5604 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:13:10.0203 5604 Wanarp - ok

17:13:10.0296 5604 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

17:13:10.0343 5604 WDC_SAM - ok

17:13:10.0421 5604 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:13:10.0484 5604 Wdf01000 - ok

17:13:10.0500 5604 WDICA - ok

17:13:10.0609 5604 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

17:13:11.0015 5604 wdmaud - ok

17:13:11.0328 5604 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:13:11.0468 5604 WpdUsb - ok

17:13:11.0828 5604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:13:11.0953 5604 WS2IFSL - ok

17:13:12.0015 5604 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:13:12.0078 5604 WudfPf - ok

17:13:12.0109 5604 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:13:12.0171 5604 WudfRd - ok

17:13:12.0234 5604 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

17:13:12.0875 5604 \Device\Harddisk0\DR0 - ok

17:13:12.0875 5604 Boot (0x1200) (c7e6baa0c9350f4a90c74fb7f00e9edb) \Device\Harddisk0\DR0\Partition0

17:13:12.0890 5604 \Device\Harddisk0\DR0\Partition0 - ok

17:13:12.0890 5604 ============================================================

17:13:12.0890 5604 Scan finished

17:13:12.0890 5604 ============================================================

17:13:13.0015 5624 Detected object count: 13

17:13:13.0015 5624 Actual detected object count: 13

17:16:06.0687 5624 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0687 5624 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0687 5624 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0687 5624 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0687 5624 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0687 5624 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0718 5624 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0718 5624 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0718 5624 MRxSmb ( LockedFile.Multi.Generic ) - skipped by user

17:16:06.0718 5624 MRxSmb ( LockedFile.Multi.Generic ) - User select action: Skip

17:16:06.0750 5624 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0750 5624 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0750 5624 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0750 5624 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0750 5624 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0750 5624 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0765 5624 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0765 5624 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0765 5624 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0765 5624 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0765 5624 tdudf ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0765 5624 tdudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0765 5624 TPwSav ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0765 5624 TPwSav ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:06.0765 5624 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user

17:16:06.0765 5624 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:16:23.0421 4436 Deinitialize success

I ran ComboFix twice. Both times it gets to stage 50, after which for a fraction of a second it shows a blue screen saying that the program has encountered a problem; the computer restarts, shows a message about recovering from a serious error, and there is no log from ComboFix.

I am attaching the logs from OTL and the archive from AVZ. In a moment I will also upload a log from dds; I am going to run the program now, after having done everything described.

Thank you in advance for your time.

Here is the dds log.

I forgot to mention that I do not have an installation disc.

DDS (Ver_2011-09-30.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Juliana at 19:35:17 on 2012-03-17

Microsoft Windows XP Home Edition 5.1.2600.2.1251.359.1033.18.1526.731 [GMT 2:00]

.

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *Disabled*

.

============== Running Processes ================

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.bg/

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - LocalServer32 - <no file>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - LocalServer32 - <no file>

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - LocalServer32 - <no file>

EB: &Discuss: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} -

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [KiesTrayAgent] <no file>

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe

mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP

mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe

mRun: [Zooming] ZoomingHook.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [TCtryIOHook] TCtrlIOHook.exe

mRun: [TFncKy] TFncKy.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [TPSMain] TPSMain.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\juliana\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: &С&валяне &с BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: &С&валяне на всичкото видео с BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.54.135.77/activex/AMC.cab

TCP: NameServer = 217.9.239.90 217.9.239.94

TCP: Interfaces\{F7D4EF26-9254-4F9B-8542-F8C87ECE9F0A} : DHCPNameServer = 217.9.239.90 217.9.239.94

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 66.98.148.65 auto.search.msn.com

Hosts: 66.98.148.65 auto.search.msn.es

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-3-15 14776]

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-8 11608]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-8 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-8 151297]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-23 217088]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-4-18 98816]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-8 52056]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-23 36640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 starwindserviceae;Symredrv;c:\windows\system32\svchost.exe -k netsvcs [2006-5-23 14336]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-6-17 24576]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-4-1 18432]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-23 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-12-23 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-12-23 121576]

S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [2012-3-17 7168]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-7-3 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"

ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"

.

=============== Created Last 30 ================

.

2012-03-17 16:57:43 7168 ----a-w- c:\windows\system32\drivers\uti3otqy.sys

2012-03-17 16:07:22 -------- d-s---w- C:\ComboFix

2012-03-17 15:34:59 -------- d-sha-r- C:\cmdcons

2012-03-17 15:32:57 98816 ----a-w- c:\windows\sed.exe

2012-03-17 15:32:57 256000 ----a-w- c:\windows\PEV.exe

2012-03-17 15:32:57 208896 ----a-w- c:\windows\MBR.exe

2012-03-15 13:37:23 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-03-15 13:37:22 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-03-15 13:37:22 -------- d-----w- c:\documents and settings\juliana\application data\IObit

2012-03-15 13:37:16 -------- d-----w- c:\program files\IObit

2012-03-14 10:21:36 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd

2012-03-14 10:17:48 -------- d-sh--w- c:\documents and settings\juliana\local settings\application data\59c27c79

.

==================== Find3M ====================

.

2012-03-14 07:30:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 19:35:24,45 ===============

This is the log from the attach.txt file of dds.

Attachments: Extras.Txt, OTL.Txt, KL_syscure.zip, attach.txt


Please don't use tools without instructions... I won't even bother opening them, because the scans were not done with them according to the requirements.

Download Gmer

  • Temporarily disconnect your Internet connection, close all running programs, and disable your antivirus program.
  • Run the program.
  • When the automatic check finishes, uncheck the following items:

    - IAT/EAT

    - Show all

    - uncheck all local disks. Select only the system partition (usually C:\ )

  • Click the Scan button.
  • Wait for the program to finish scanning, then click the Save button and save (Save As) the results to the desktop as Gmer.log.
  • Reconnect your Internet and attach Gmer.log in your next reply.

    Note:

  • Do not take any action on the lines marked "<--- ROOTKIT", because that can cause problems with Windows.
  • Author

Hello. When I run the program the system crashes, restarts, and gives a message that it has recovered from a serious error.

Download OTL.exe and save it to the desktop.

  • Run OTL (confirm through UAC if necessary).
  • Make the following settings:
  • Check Scan All Users
  • Under the File Age menu select 90 days
  • Under the Standard Registry menu change to ALL
  • Check LOP and Purity Check
Into the custom scan box (shown as a screenshot in the original post), copy/paste in full the following text (only what is in the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
mrxsmb.sys
hlp.dat
/md5stop
  • Click the button highlighted in blue: Run Scan.
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach both files in your next reply (look for the Attachments option when you post).
  • Author

While the program is running, the first few lines of the script disappear, and at the end only an OTL file is created.

OTL.Txt

STEP 1

Download and install Erunt.

Leave the default settings and make a backup of the registry.

  • Open Notepad and copy/paste the following:

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
      76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
      65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
      00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
      62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
      49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
      57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
      6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
      61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
      52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
      75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
      63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
      68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
      56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
      73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,42,49,54,53,00,77,75,61,75,73,65,\
      72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,\
      76,63,00,57,6d,64,6d,50,6d,53,4e,00,00
  • Save the file as fix.reg.
  • The file should look like the screenshot in the original post.
  • Run it and choose YES in the dialog box.

STEP 2

  • Download GrantPerms.zip and extract it to a folder of your choice. Run GrantPerms.exe and enter the following:

    C:\Documents and Settings\Juliana\Local Settings\Application Data\59c27c79
  • Click Unlock and then List Permissions. Post the log file in your next reply.

STEP 3

  • Run OTL by double-clicking it.
  • Into the custom scan box (shown as a screenshot in the original post), copy/paste in full the following text (only what is in the box):
:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\papyjoy.dll -- (zpaction)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcnasvc.dll -- (xpadminserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tb2launch.dll -- (WUSB54Gv4SVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaagp1.dll -- (webdriveservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slabser.dll -- (WacomVKHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (w810obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pwisvc.dll -- (w810mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdsrv.dll -- (vmnetdhcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crystalaps.dll -- (tsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58mdm.dll -- (transactional)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfosspeed.dll -- (tmesrv3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mr2kserv.dll -- (svv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800bus.dll -- (starwindserviceae)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanatw.dll -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaantmon.dll -- (SNC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wtwservice.dll -- (smartlinkservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mctaskmanager.dll -- (slimsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emu10k.dll -- (slee_81_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham2.dll -- (se58obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AsIO.dll -- (SE2Emdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmsaccess.dll -- (scramby)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsvclog.dll -- (sandradatasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nod32krn.dll -- (SaiNtSub)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfloppy.dll -- (SaiNtBus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftdisk.dll -- (s3savagemx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\C-Dilla.dll -- (s116mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crystalinputfileserver.dll -- (portio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWUSBPort.dll -- (PdiPorts)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adpu320.dll -- (pcandis5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (oraclesnmppeermasteragent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiswan.dll -- (oracleorahomeclientcache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracledbconsoleorcl.dll -- (oracleoradb10g_home1isql*plus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ispwdsvc.dll -- (OEM02Vfx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\afd.dll -- (NWADI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59bus.dll -- (nuvaud2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ialm.dll -- (n558)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stllssvr.dll -- (MxlW2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UxTuneUp.dll -- (mstdc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql12160.dll -- (monfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (mlkkbdntdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IntelC52.dll -- (lxbs_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TeamViewer.dll -- (lvsrvlauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrLan.dll -- (LHidFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaide.dll -- (kpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se44unic.dll -- (JiaoIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpsrv.dll -- (inspect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MS1000.dll -- (ifxtcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UimBus.dll -- (icdsptsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenseclientdeployservice.dll -- (HWIONT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcstor32.dll -- (hf30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MR97310_USB_DUAL_CAMERA.dll -- (FETNDISB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (EU3_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmcicstransactiongateway.dll -- (EPSON_EB_RPCV4_01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (emclisrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$MICROSOFTSMLBIZ.dll -- (elnkservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mferkdk.dll -- (DLH5X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icepack.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procdd.dll -- (DCamUSBDXGTech)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicser_wmp11.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlankeeper.dll -- (cvslock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45nd5.dll -- (cpqdfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amfilter.dll -- (com4qlb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NSNDIS5.dll -- (cercsr6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DynDNS_Updater_Service.dll -- (belmonitorservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\idrivert.dll -- (AVRec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBMN1X1.dll -- (amdagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwcworkstation.dll -- (_iomega_active_disk_service_)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Juliana\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012.03.17 18:57:44 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti3otqy.sys -- (uti3otqy)
[2012.03.14 12:17:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Juliana\Local Settings\Application Data\59c27c79
:files
C:\I386\sp2.cab:mrxsmb.sys /E
C:\WINDOWS\system32\drivers\mrxsmb.sys|c:\mrxsmb.sys /replace
:commands
[reboot]
After entering the script from the quote above, click the button highlighted in red: Run Fix

Windows will restart and a log file (the OTL fix log) will be created. Copy/paste its contents in your next reply.

  • Author

Here are the two logs. I forgot to mention at the start that I have an external hard drive that I use only for storing large files. Since the problems began I have kept it disconnected. Is that a problem?

========== OTL ==========
Service zpaction stopped successfully!
Service zpaction deleted successfully!
File %systemroot%\system32\papyjoy.dll not found.
Service xpadminserver stopped successfully!
Service xpadminserver deleted successfully!
File %systemroot%\system32\mcnasvc.dll not found.
Service WUSB54Gv4SVC stopped successfully!
Service WUSB54Gv4SVC deleted successfully!
File %systemroot%\system32\tb2launch.dll not found.
Service webdriveservice stopped successfully!
Service webdriveservice deleted successfully!
File %systemroot%\system32\viaagp1.dll not found.
Service WacomVKHid stopped successfully!
Service WacomVKHid deleted successfully!
File %systemroot%\system32\slabser.dll not found.
Service w810obex stopped successfully!
Service w810obex deleted successfully!
File %systemroot%\system32\raidmsvr.dll not found.
Service w810mgmt stopped successfully!
Service w810mgmt deleted successfully!
File %systemroot%\system32\pwisvc.dll not found.
Service vmnetdhcp stopped successfully!
Service vmnetdhcp deleted successfully!
File %systemroot%\system32\incdsrv.dll not found.
Service tsp stopped successfully!
Service tsp deleted successfully!
File %systemroot%\system32\crystalaps.dll not found.
Service transactional stopped successfully!
Service transactional deleted successfully!
File %systemroot%\system32\se58mdm.dll not found.
Service tmesrv3 stopped successfully!
Service tmesrv3 deleted successfully!
File %systemroot%\system32\cfosspeed.dll not found.
Service svv stopped successfully!
Service svv deleted successfully!
File %systemroot%\system32\mr2kserv.dll not found.
Service starwindserviceae stopped successfully!
Service starwindserviceae deleted successfully!
File %systemroot%\system32\w800bus.dll not found.
Service sprtsvc_dellsupportcenter stopped successfully!
Service sprtsvc_dellsupportcenter deleted successfully!
File %systemroot%\system32\wanatw.dll not found.
Service SNC stopped successfully!
Service SNC deleted successfully!
File %systemroot%\system32\iaantmon.dll not found.
Service smartlinkservice stopped successfully!
Service smartlinkservice deleted successfully!
File %systemroot%\system32\wtwservice.dll not found.
Service slimsvc stopped successfully!
Service slimsvc deleted successfully!
File %systemroot%\system32\mctaskmanager.dll not found.
Service slee_81_service stopped successfully!
Service slee_81_service deleted successfully!
File %systemroot%\system32\emu10k.dll not found.
Service se58obex stopped successfully!
Service se58obex deleted successfully!
File %systemroot%\system32\Alpham2.dll not found.
Service SE2Emdm stopped successfully!
Service SE2Emdm deleted successfully!
File %systemroot%\system32\AsIO.dll not found.
Service scramby stopped successfully!
Service scramby deleted successfully!
File %systemroot%\system32\nmsaccess.dll not found.
Service sandradatasrv stopped successfully!
Service sandradatasrv deleted successfully!
File %systemroot%\system32\nsvclog.dll not found.
Service SaiNtSub stopped successfully!
Service SaiNtSub deleted successfully!
File %systemroot%\system32\nod32krn.dll not found.
Service SaiNtBus stopped successfully!
Service SaiNtBus deleted successfully!
File %systemroot%\system32\sfloppy.dll not found.
Service s3savagemx stopped successfully!
Service s3savagemx deleted successfully!
File %systemroot%\system32\ftdisk.dll not found.
Service s116mgmt stopped successfully!
Service s116mgmt deleted successfully!
File %systemroot%\system32\C-Dilla.dll not found.
Service portio stopped successfully!
Service portio deleted successfully!
File %systemroot%\system32\crystalinputfileserver.dll not found.
Service PdiPorts stopped successfully!
Service PdiPorts deleted successfully!
File %systemroot%\system32\NWUSBPort.dll not found.
Service pcandis5 stopped successfully!
Service pcandis5 deleted successfully!
File %systemroot%\system32\adpu320.dll not found.
Service oraclesnmppeermasteragent stopped successfully!
Service oraclesnmppeermasteragent deleted successfully!
File %systemroot%\system32\mail2ec.dll not found.
Service oracleorahomeclientcache stopped successfully!
Service oracleorahomeclientcache deleted successfully!
File %systemroot%\system32\ndiswan.dll not found.
Service oracleoradb10g_home1isql*plus stopped successfully!
Service oracleoradb10g_home1isql*plus deleted successfully!
File %systemroot%\system32\oracledbconsoleorcl.dll not found.
Service OEM02Vfx stopped successfully!
Service OEM02Vfx deleted successfully!
File %systemroot%\system32\ispwdsvc.dll not found.
Service NWADI stopped successfully!
Service NWADI deleted successfully!
File %systemroot%\system32\afd.dll not found.
Service nuvaud2 stopped successfully!
Service nuvaud2 deleted successfully!
File %systemroot%\system32\se59bus.dll not found.
Service n558 stopped successfully!
Service n558 deleted successfully!
File %systemroot%\system32\ialm.dll not found.
Service MxlW2k stopped successfully!
Service MxlW2k deleted successfully!
File %systemroot%\system32\stllssvr.dll not found.
Service mstdc stopped successfully!
Service mstdc deleted successfully!
File %systemroot%\system32\UxTuneUp.dll not found.
Service monfilt stopped successfully!
Service monfilt deleted successfully!
File %systemroot%\system32\ql12160.dll not found.
Service mlkkbdntdriver stopped successfully!
Service mlkkbdntdriver deleted successfully!
File %systemroot%\system32\kl1.dll not found.
Service lxbs_device stopped successfully!
Service lxbs_device deleted successfully!
File %systemroot%\system32\IntelC52.dll not found.
Service lvsrvlauncher stopped successfully!
Service lvsrvlauncher deleted successfully!
File %systemroot%\system32\TeamViewer.dll not found.
Service LHidFilt stopped successfully!
Service LHidFilt deleted successfully!
File %systemroot%\system32\CnxTrLan.dll not found.
Service kpfwsvc stopped successfully!
Service kpfwsvc deleted successfully!
File %systemroot%\system32\viaide.dll not found.
Service JiaoIO stopped successfully!
Service JiaoIO deleted successfully!
File %systemroot%\system32\se44unic.dll not found.
Service inspect stopped successfully!
Service inspect deleted successfully!
File %systemroot%\system32\tpsrv.dll not found.
Service ifxtcs stopped successfully!
Service ifxtcs deleted successfully!
File %systemroot%\system32\MS1000.dll not found.
Service icdsptsv stopped successfully!
Service icdsptsv deleted successfully!
File %systemroot%\system32\UimBus.dll not found.
Service HWIONT stopped successfully!
Service HWIONT deleted successfully!
File %systemroot%\system32\websenseclientdeployservice.dll not found.
Service hf30service stopped successfully!
Service hf30service deleted successfully!
File %systemroot%\system32\dcstor32.dll not found.
Service FETNDISB stopped successfully!
Service FETNDISB deleted successfully!
File %systemroot%\system32\MR97310_USB_DUAL_CAMERA.dll not found.
Service EU3_USB stopped successfully!
Service EU3_USB deleted successfully!
File %systemroot%\system32\lvupdtio.dll not found.
Service EPSON_EB_RPCV4_01 stopped successfully!
Service EPSON_EB_RPCV4_01 deleted successfully!
File %systemroot%\system32\ibmcicstransactiongateway.dll not found.
Service emclisrv stopped successfully!
Service emclisrv deleted successfully!
File %systemroot%\system32\pinger.dll not found.
Service elnkservice stopped successfully!
Service elnkservice deleted successfully!
File %systemroot%\system32\SQLAgent$MICROSOFTSMLBIZ.dll not found.
Service DLH5X stopped successfully!
Service DLH5X deleted successfully!
File %systemroot%\system32\mferkdk.dll not found.
Service digictrl stopped successfully!
Service digictrl deleted successfully!
File %systemroot%\system32\icepack.dll not found.
Service DCamUSBDXGTech stopped successfully!
Service DCamUSBDXGTech deleted successfully!
File %systemroot%\system32\procdd.dll not found.
Service cyberpowerups stopped successfully!
Service cyberpowerups deleted successfully!
File %systemroot%\system32\nicser_wmp11.dll not found.
Service cvslock stopped successfully!
Service cvslock deleted successfully!
File %systemroot%\system32\wlankeeper.dll not found.
Service cpqdfw stopped successfully!
Service cpqdfw deleted successfully!
File %systemroot%\system32\se45nd5.dll not found.
Service com4qlb stopped successfully!
Service com4qlb deleted successfully!
File %systemroot%\system32\amfilter.dll not found.
Service cercsr6 stopped successfully!
Service cercsr6 deleted successfully!
File %systemroot%\system32\NSNDIS5.dll not found.
Service belmonitorservice stopped successfully!
Service belmonitorservice deleted successfully!
File %systemroot%\system32\DynDNS_Updater_Service.dll not found.
Service AVRec stopped successfully!
Service AVRec deleted successfully!
File %systemroot%\system32\idrivert.dll not found.
Service amdagp stopped successfully!
Service amdagp deleted successfully!
File %systemroot%\system32\USBMN1X1.dll not found.
Service _iomega_active_disk_service_ stopped successfully!
Service _iomega_active_disk_service_ deleted successfully!
File %systemroot%\system32\nwcworkstation.dll not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Juliana\LOCALS~1\Temp\catchme.sys not found.
Service uti3otqy stopped successfully!
Service uti3otqy deleted successfully!
C:\WINDOWS\system32\drivers\uti3otqy.sys moved successfully.
C:\Documents and Settings\Juliana\Local Settings\Application Data\59c27c79\U folder moved successfully.
C:\Documents and Settings\Juliana\Local Settings\Application Data\59c27c79 folder moved successfully.
========== FILES ==========
mrxsmb.sys extracted to C:\
File C:\WINDOWS\system32\drivers\mrxsmb.sys successfully replaced with c:\mrxsmb.sys
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.39.1 log created on 03182012_220242

Perms.txt

No, it's not a problem. :)

Now delete your copy of Combofix and then follow the instructions:

1. Download ComboFix from BleepingComputer

and save ComboFix (Save button -> Save as) to your desktop:

[Posted image]

Once the ComboFix download has finished, the program's icon should look like this:

[Posted image]

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if present.

3. Double-click Combofix.exe to start it. Choose YES to agree to the program's terms of use. Important: while ComboFix is running, do not move the mouse or press keys on the keyboard. Just patiently let ComboFix finish its work, without using the computer for anything else.

4. ComboFix will check whether the Windows Recovery Console is installed.

*If the Windows Recovery Console is not installed, you will need to choose YES to install the Windows Recovery Console.

*If the Windows Recovery Console is installed, ComboFix will continue its work.

[Posted image]

Note: you need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

After the Windows Recovery Console is installed, confirm with YES to continue. Screenshot:

[Posted image]

5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix finishes, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will appear in Notepad:

[Posted image]

Copy (Copy) and paste (Paste) the contents of the log into your next comment.

  • Author

The program gets to stage 50, after which a blue screen error appears, the computer restarts and shows a message about recovering from a serious problem. No log is created.

And did you install the Recovery Console, as described in the instructions?

If yes, could you temporarily uninstall Avira from Control Panel => Add/Remove Programs

Then download Avira Registry Cleaner and run the tool.

Click Configuration => tick all the boxes and click OK.

Click Scan for keys => at the end of the scan choose select all => and if any keys are found click => delete

Then try Combofix again.

  • Author

Yes, the console was installed. I removed Avira, but the cleaner won't start. At first it wouldn't download from the link, so I downloaded it manually from Avira's site, but when I try to run the program it tells me that the configuration is not valid and that I should reinstall.

OK, leave the Cleaner.

Try AppRemover 2.2.23.1

Run the tool and choose Next.

Choose Clean up a Failed Uninstall and click Next

When asked whether to perform a Deep Scan, choose Continue.

After the scan finishes, if there is a checkbox for Avira, tick it (but only that one) and click Next to remove the leftovers of the antivirus.

Restart the computer and try Combofix again.

  • Author

Avira wasn't there, but it found traces of ESET. I tried ComboFix again anyway and again it gets to stage 50, then crashes and the computer restarts. I'm sorry for taking up so much of your time and I'm extremely grateful. I'll await further guidance and will write again tomorrow. Good night.

OK, we'll apply a different tactic:

STEP 1

  • Download Malwarebytes' Anti-Malware Free from here
  • Double-click mbam-setup.exe to install the program.
  • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked. Then click Finish.
  • If updates are found, it will download and install them.
  • Start the program and choose "Perform Quick Scan", then click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure that all lines are ticked, and click Remove Selected.
  • When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in the topic.
Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

STEP 2

  • Download Junction.zip and extract it to a folder on the desktop.

    Copy the file Junction.exe to C:\Windows

  • Go to Start => Run... => enter the command below with Copy/Paste and click OK

    cmd /c junction -s c: >log.txt&log.txt& del log.txt
  • Wait for the scan to finish and for the log file to appear.
  • Copy its contents into your next post.

STEP 3

  • Double-click the file [Posted image] to start it.
  • Under [Posted image], use Copy/Paste to enter the following text in full (only what is inside the box):
:services
avgio
AntiVirScheduler
AntiVirService
avgntflt
avipbb
ssmdrv
Symredrv
:files
c:\program files\avira
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh int ip reset reset.log hit /c
netsh interface ipv4 reset /c
netsh interface ipv6 reset /c
:commands
[resethosts]
[emptytemp]
After you have entered the script from the quote above, click the button marked in red: Run Fix

Windows will restart and a log file will be created - OTL fix log. Post its contents with Copy/Paste in your next comment.

STEP 4

  • Download zoek.exe and save it to the desktop.
  • Start the application and choose the X button
  • Use copy/paste to copy the following script into the program:

    C:\WINDOWS\System32\dds_log_ad13.cmd;f
    
  • Close the window, agreeing to save the changes.
  • The program will perform its actions and the log file will appear.
  • Copy its contents into your next comment.

Good night!

  • Author

Hello. Zoek ran for 15-20 minutes with no effect at all. The window stays open, but nothing indicates that any process is running. Is that normal?

Here are the rest of the logs.

All processes killed

========== SERVICES/DRIVERS ==========

Error: No service named avgio was found to stop!

Service\Driver key avgio not found.

Error: No service named AntiVirScheduler was found to stop!

Service\Driver key AntiVirScheduler not found.

Error: No service named AntiVirService was found to stop!

Service\Driver key AntiVirService not found.

Error: No service named avgntflt was found to stop!

Service\Driver key avgntflt not found.

Error: No service named avipbb was found to stop!

Service\Driver key avipbb not found.

Error: No service named ssmdrv was found to stop!

Service\Driver key ssmdrv not found.

Error: No service named Symredrv was found to stop!

Service\Driver key Symredrv not found.

========== FILES ==========

File\Folder c:\program files\avira not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Juliana\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Juliana\Desktop\cmd.txt deleted successfully.

< netsh winsock reset catalog /c >

Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset.

C:\Documents and Settings\Juliana\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Juliana\Desktop\cmd.txt deleted successfully.

< netsh int ip reset reset.log hit /c >

The syntax supplied for this command is not valid. Check help for the correct syntax.

Usage: reset [name=]<string>

Parameters:

Tag Value

name - The name of a file to which to append information

regarding what settings were reset.

Remarks: Resets TCP/IP and related components to a clean state.

Examples:

reset resetlog.txt

C:\Documents and Settings\Juliana\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Juliana\Desktop\cmd.txt deleted successfully.

< netsh interface ipv4 reset /c >

The following command was not found: interface ipv4 reset.

C:\Documents and Settings\Juliana\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Juliana\Desktop\cmd.txt deleted successfully.

< netsh interface ipv6 reset /c >

IPv6 is not installed.

C:\Documents and Settings\Juliana\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Juliana\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Intel

User: Juliana

->Temp folder emptied: 742088 bytes

->Temporary Internet Files folder emptied: 323211259 bytes

->Java cache emptied: 362150 bytes

->FireFox cache emptied: 52800935 bytes

->Flash cache emptied: 74495 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 8116614 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33432 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 368,00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03192012_104908

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF745A.tmp not found!

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF745F.tmp not found!

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF74B1.tmp not found!

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF74B6.tmp not found!

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF75B3.tmp not found!

File\Folder C:\Documents and Settings\Juliana\Local Settings\Temp\~DF75B8.tmp not found!

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\SM98VXY0\like[10].htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\SGLCNPHI\adsCAG35ZF1.htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\O4DSX03B\xd_proxy[2].htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\GZIGM0PS\adsCAB1204V.htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\8NJ3808V\adsCAFIEHZS.htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\8NJ3808V\index[3].htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\6WYF8M7J\adsCAR5H44K.htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\5CB9CODT\adsCA02S0A8.htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\2AICAFZ8\fb_iframe[1].html moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\0M8844TG\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\Content.IE5\032O8NTX\login_status[11].htm moved successfully.

C:\Documents and Settings\Juliana\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_884.dat not found!

Registry entries deleted on Reboot...

mbam-log-2012-03-19 (10-25-00).txt

log.txt
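Added example (not part of the thread or of the OTL tool): a Python script that pairs the entries of the STEP 3 OTL fix script with the outcomes recorded in the fix log posted above, and flags the "/c" commands whose captured output reports an error (as the netsh lines do here). The sample script and log are constructed excerpts of the ones on this page; ssmdrv is changed to a stopped/deleted outcome to exercise that branch.

```python
import re

# Constructed excerpts of the STEP 3 OTL fix script and of the fix log posted after it (ssmdrv altered).
OTL_SCRIPT = """:services
avgio
ssmdrv
:files
c:\\program files\\avira
ipconfig /flushdns /c
netsh int ip reset reset.log hit /c
netsh interface ipv4 reset /c
"""

OTL_LOG = """========== SERVICES/DRIVERS ==========
Service\\Driver key avgio not found.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
========== FILES ==========
File\\Folder c:\\program files\\avira not found.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\\Documents and Settings\\Juliana\\Desktop\\cmd.bat deleted successfully.
< netsh int ip reset reset.log hit /c >
The syntax supplied for this command is not valid. Check help for the correct syntax.
< netsh interface ipv4 reset /c >
The following command was not found: interface ipv4 reset.
"""

# Phrases seen in the captured output of a "/c" command when it did not do what was asked.
ERROR_MARKERS = ("is not valid", "was not found", "is not installed")


def parse_script(text):
    """Split an OTL fix script into its sections, keyed by name (':services' -> 'services')."""
    sections, current = {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Extract per-service, per-file and per-command outcomes from an OTL fix log."""
    log = {"services": {}, "files": {}, "commands": {}}
    command = None  # the "/c" command whose captured output is currently being read
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := re.match(r"^< (.+) >$", line):  # "< cmd >" opens a block of captured output
            command = m.group(1)
            log["commands"][command] = []
        elif line.startswith("=========="):  # a section header ends any open block
            command = None
        elif command is not None:
            log["commands"][command].append(line)
        elif m := re.match(r"^Service\\Driver key (\S+) not found\.$", line):
            log["services"][m.group(1)] = "not found"
        elif m := re.match(r"^Service (\S+) (stopped|deleted) successfully!$", line):
            log["services"][m.group(1)] = m.group(2) + " successfully"
        elif m := re.match(r"^File\\Folder (.+) not found\.$", line):
            log["files"][m.group(1).lower()] = "not found"
    return log


def review(script_text, log_text):
    """Pair every script entry with what the log says happened to it."""
    script, log = parse_script(script_text), parse_log(log_text)
    findings = {"services": {}, "files": {}, "commands": {}}
    for name in script.get("services", []):
        findings["services"][name] = log["services"].get(name, "no log entry")
    for entry in script.get("files", []):
        if entry.lower().endswith(" /c"):  # a command OTL ran, with its output captured
            out = log["commands"].get(entry, [])
            bad = [ln for ln in out if any(marker in ln for marker in ERROR_MARKERS)]
            findings["commands"][entry] = "error: " + bad[0] if bad else ("ok" if out else "no log entry")
        else:
            findings["files"][entry] = log["files"].get(entry.lower(), "no log entry")
    return findings
```

Run `review(OTL_SCRIPT, OTL_LOG)` on a real pair of script and log to see at a glance which entries were never found and which commands failed.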

Close zoek.exe. This is not normal, but the log files showed me where the problem is. I'm at work at the moment and will write around 16:30. We're on the home stretch... we have one folder (locked), one Junction to it and one file (empty and stubborn) to remove. We'll fix everything. ;)

Start GMER and expand the categories using the little arrows.

[Posted image]

Go to Files => on the right, enter the folder C:\WINDOWS\$NtUninstallKB55876$\

[Posted image]

In the right-hand pane you will see a file - 2579806779.

Click on it and choose Kill.

Agree in the dialog box that you want to continue.

Leave and re-enter the folder...

Now some subfolders with files in them should be visible too.

Enter these subfolders and Kill all the files in them one by one.

Then delete them one by one until the folder is empty.

Do not delete the folder!!!

Open Start => Run => type CMD and press Enter

Enter the command:

fsutil reparsepoint delete C:\WINDOWS\$NtUninstallKB55876$

Press Enter

Then enter the command

rd C:\WINDOWS\$NtUninstallKB55876$

Now the folder should be deleted.

Then

Download The Avenger and extract it to your desktop.

Start The Avenger, copy the following script and paste it into the program's text field:

Files to delete:
c:\windows\system32\dds_log_ad13.cmd
Finally choose Execute and when the program asks, choose Yes. This will restart the computer. After the restart, copy and paste here the contents of the program's log file, located at C:\avenger.txt

Well... I've tried this method before and it works... I'm starting to wonder whether it's something hardware-related.

Previously it only crashed when scanning with Gmer, not when starting it, right?

Let's try this:

  • Run GrantPerms.exe and enter the following information:

    C:\WINDOWS\$NtUninstallKB55876$\2579806779
    C:\WINDOWS\$NtUninstallKB55876$
    
  • Click Unlock and then List Permissions. Post the log file in your next post.

Then:

Open Start => Run => type CMD and press Enter

Enter the command:

fsutil reparsepoint delete C:\WINDOWS\$NtUninstallKB55876$

And then:

Download The Avenger and extract it to your desktop.

Start The Avenger, copy the following script and paste it into the program's text field:

Files to delete:
C:\WINDOWS\$NtUninstallKB55876$\2579806779
c:\windows\system32\dds_log_ad13.cmd

Finally choose Execute and when the program asks, choose Yes. This will restart the computer. After the restart, copy and paste here the contents of the program's log file, located at C:\avenger.txt

  • Author

Here are the logs:

GrantPerms by Farbar

Ran by Juliana (administrator) at 2012-03-19 18:15:59

===============================================

ERROR: Parsing the SD of <\\?\C:\WINDOWS\$NtUninstallKB55876$\2579806779 > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.

\\?\C:\WINDOWS\$NtUninstallKB55876$

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)

BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)

BUILTIN\Users ADD FILE ALLOW (CI)(I)

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open file "C:\WINDOWS\$NtUninstallKB55876$\2579806779"

Deletion of file "C:\WINDOWS\$NtUninstallKB55876$\2579806779" failed!

Status: 0xc0000279

File "c:\windows\system32\dds_log_ad13.cmd" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hmm... stuck again.

We'll have to struggle a bit with a seemingly easy task... but since neither GMER nor Combofix work for you, that's how it will be.

Download IceSword and extract the archive to a folder on the desktop.

Start the file IceSword.exe and go to Files.

Find the file C:\WINDOWS\$NtUninstallKB55876$\2579806779, right-click it and choose Force Delete.

If it works, restart the computer and we'll continue.

If it doesn't work, we'll have to try a new, renamed version of Combofix or run Combofix from Safe Mode.

If that doesn't work either, we'll have to use a LiveCD and perhaps a USB flash drive for the purpose.

Because of the nasty blue screens the situation has become much more complicated...

OK, while I test a new strategy (you've given me quite a hard time with these BSODs) :) do the following.

Delete your version of Combofix and download a new one from BleepingComputer

While downloading, rename the file to sVchost.exe

Run the file and wait for the scan to finish.

Post the log file in your next comment.

If it hangs on a blue screen again, restart in Safe Mode.

During the restart, press the F8 key repeatedly.

From the options choose Safe Mode.

Run sVchost.exe and wait for it to restart the machine.

Once Combofix restarts the computer, you need to boot into Safe Mode again so that the scan completes properly.

Once the log file appears, restart in Normal Mode and post the log file.

If that doesn't work, we'll have to do it the hard way...
