Премини към съдържанието

    Препоръчан отговор


    Здравейте, като си пусна комп-а от няколко дни ми показва this application was created using an evaluation version of xenocode postbuild 2008.There are 11 days remaining in your evaluation period и от както ми го изписва това започва само да изпраща по скайп следния файл JPG0000082.scr който въобще не съществува на моят компютър.

    Редактирано от nologo
    Корекция на заглавие с главни букви (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте hardbow!

    Аз съм Maniac и ще Ви помагам да почистите вашата система от зловреден софтуер. Анализа на логовете, както и премахването на зловредния софтуер, може да отнеме време, затова моля бъдете търпеливи. Моля, имайте предвид следното:

    • Аз ще Ви помагам само за почистването на вашата система от зловреден софтуер. За всякакви други проблеми, моля създайте нова тема в съответния форум и опишете детайлно проблема Ви.
    • Решението се отнася само за този проблем и само на този компютър.
    • Задължително трябва да разполагате с администраторски привилегии, за да получим възможността успешно да почистим вашата системата.
    • Следвайте инструкциите ми стриктно, докато не Ви кажа, че системата Ви е напълно чиста. Това, че симптомите са изчезнали, не значи че всичко е наред.
    • Ако не разбирате нещо, моля Ви попитайте ме, а не рискувайте. По-добре е малко да се позабавим, отколкото да усложним нещата.
    • При наличие на руткит, аз не гарантирам 100% почистване.
    • Проявете търпение, защото процедурата по почистването на вашата система може да отнеме известно време, в зависимост от вида на зловредния софтуер.
    • Цялата кореспонденция минава през тази тема, не създавайте нова тема и не използвайте друга тема за тази цел.
    • Публикувайте лог файловете си директно във вашия коментар, вместо да бъдат прикачвани.

    Публикувано изображение

    Изтеглете DDS от тук или тук. Запазете го на вашия десктоп.

    Изключете Real-Time защитата на вашия антивирусен софтуер и всякакви скриптови блокери. Накрая, стартирайте инструмента.

    • Когато DDS приключи успешно анализа на системата Ви ще отвори два лог файла.
    • DDS.txt
    Attach.txt
    • Запазете ги на вашия десктоп и след това го публикувайте в следващия ви коментар в тази тема.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Следвайте инструкциите ми стриктно, докато не Ви кажа, че системата Ви е напълно чиста. Това, че симптомите са изчезнали, не значи че всичко е наред.

    Публикувайте лог файловете си директно във вашия коментар, вместо да бъдат прикачвани.

    Запазете ги на вашия десктоп и след това го публикувайте в следващия ви коментар в тази тема.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 15:14:25.25 on 23.03.2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1251. 359.1033.18.2038.1439 [GMT 2:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc D:\program files\TECDOC_CD\1_2011\db\tbmux32.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Printkey-Pro\Printkeypro.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\explorer.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.mail.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [igfxtrei] c:\program files\canon\mf toolbox ver4.7\multy.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey-pro\Printkeypro.exe mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287223936864 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: {CA8394A2-5AC2-4DFD-BD8C-4D158F64F46F} = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {B086B195-A18A-1DEB-341D-64B194C70AA0} - c:\documents and settings\administrator\application data\svchos.exe s . ============= SERVICES / DRIVERS =============== . R1 MpKslfcbf675e;MpKslfcbf675e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7aaae025-5aca-4963-9411-c391a621bf80}\MpKslfcbf675e.sys [2011-3-23 28752] R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [2011-3-22 40480] R2 MSSQL$MICROCATLIVE;SQL Server (MICROCATLIVE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992] R2 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service;d:\program files\tecdoc_cd\1_2011\db\tbmux32.exe [2010-10-25 356352] R4 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264] S1 MpKsl38b2cc07;MpKsl38b2cc07;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d6dea34-6307-44f7-ae02-22c1f809deeb}\mpksl38b2cc07.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d6dea34-6307-44f7-ae02-22c1f809deeb}\MpKsl38b2cc07.sys [?] . =============== Created Last 30 ================ . 2011-03-23 13:06:58 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7aaae025-5aca-4963-9411-c391a621bf80}\MpKslfcbf675e.sys 2011-03-23 12:05:28 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7aaae025-5aca-4963-9411-c391a621bf80}\mpengine.dll 2011-03-23 11:50:13 -------- d-s---w- C:\Tool 2011-03-23 11:46:54 -------- d--h--w- c:\windows\system32\Bifrost 2011-03-23 10:48:03 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2011-03-23 10:47:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-23 10:27:45 -------- d-sha-r- C:\cmdcons 2011-03-23 10:25:17 98816 ----a-w- c:\windows\sed.exe 2011-03-23 10:25:17 89088 ----a-w- c:\windows\MBR.exe 2011-03-23 10:25:17 256512 ----a-w- c:\windows\PEV.exe 2011-03-23 10:25:17 161792 ----a-w- c:\windows\SWREG.exe 2011-03-23 07:37:53 -------- d-----w- c:\program files\ETKA 2011-03-22 09:44:07 6656 ----a-w- c:\windows\system32\haspvdd.dll 2011-03-22 09:44:07 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys 2011-03-22 09:44:07 383 ----a-w- c:\windows\system32\haspdos.sys 2011-03-22 09:05:57 -------- d-----w- c:\windows\system32\URTTEMP 2011-03-22 08:30:40 -------- d-----w- c:\program files\MSXML 6.0 2011-03-22 08:29:04 -------- d-----w- c:\program files\Microsoft SQL Server 2011-03-22 08:28:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Infomedia 2011-03-22 08:28:36 -------- d-----w- c:\program files\Microsoft WSE 2011-03-22 08:27:50 -------- d-----w- c:\program files\Infomedia 2011-03-22 08:27:06 30208 ----a-w- c:\windows\system32\Mg32.dll 2011-03-22 08:27:06 21760 ----a-w- c:\windows\system32\Mg16.dll 2011-03-22 08:27:05 40480 ----a-w- c:\windows\system32\drivers\mgnt.sys 2011-03-15 07:08:26 828 ----a-w- c:\documents and settings\administrator\desinstart.bat 2011-03-15 07:08:26 63 ----a-w- c:\program files\dialogysclip.bat 2011-03-15 07:08:26 575 ----a-w- c:\documents and settings\administrator\desinst.bat 2011-03-15 07:08:26 156 ----a-w- c:\documents and settings\administrator\save_uninst.bat 2011-03-15 07:08:26 -------- d-----w- c:\program files\Dialogys 2011-03-15 07:08:22 -------- d-----w- c:\program files\_jvm 2011-03-14 14:30:54 -------- d-----w- c:\docume~1\admini~1\applic~1\TeamViewer 2011-03-14 14:30:49 -------- d-----w- c:\documents and settings\administrator\temp 2011-03-12 11:25:18 -------- d-----w- c:\program files\DocBackupAP 2011-03-12 10:28:39 -------- d-----w- c:\program files\SEDREAP 2011-03-12 09:55:38 -------- d-----w- c:\program files\DocBackupJRE 2011-03-12 07:40:47 -------- d-----w- c:\program files\uTorrent 2011-03-12 07:40:12 -------- d-----w- c:\docume~1\admini~1\applic~1\uTorrent 2011-03-11 11:33:09 -------- d-----w- c:\program files\Printkey-Pro . ==================== Find3M ==================== . 2011-02-12 08:34:04 875520 ----a-w- c:\windows\system32\VFP6RENU.DLL 2011-02-12 08:34:04 3370768 ----a-w- c:\windows\system32\VFP6R.DLL 2011-02-12 08:34:04 24990 ----a-w- c:\windows\system32\VFP6RUN.EXE 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 17:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-28 13:23:05 191488 ----a-w- c:\windows\system32\hlvdd.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:14:45 1864064 ----a-w- c:\windows\system32\win32k.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Maxtor_6L080M0 rev.BANC1G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x89E078C0]<< _asm { MOV EAX, 0x89e077e0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89e0a0d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89D80AB8] \Driver\Disk[0x89D8A330] -> IRP_MJ_CREATE -> 0x89E078C0 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\Disk -> 0x89e078c0 user & kernel MBR OK Warning: possible MBR rootkit infection ! . ============= FINISH: 15:15:11.48 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 15.10.2010 15:40:07 System Uptime: 23.03.2011 15:06:24 (0 hours ago) . Motherboard: Dell Inc. | | 0H8052 Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2526/533mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 38.716 GiB free. D: is FIXED (NTFS) - 149 GiB total, 46.188 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {36FC9E60-C465-11CF-8056-444553540000} Description: Autodata Protection Service Device ID: ROOT\USB\0000 Manufacturer: (Standard system devices) Name: Autodata Protection Service PNP Device ID: ROOT\USB\0000 Service: adatadrv . Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia E51 Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia E51 PNP Device ID: ROOT\WPD\0000 Service: WUDFRd . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.4.3 Adobe SVG Viewer 3.0 Advanced SystemCare 3 Broadcom Gigabit Integrated Controller Canon MF Drivers Canon MF Toolbox 4.7.0.0.mf02 Compatibility Pack for the 2007 Office system Dialogys ETKA7 Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB971276-v3) Intel® Graphics Media Accelerator Driver Java Auto Updater Java 6 Update 24 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Antimalware Microsoft Application Error Reporting Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office Professional Edition 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MICROCATLIVE) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft WSE 2.0 SP3 Runtime Microsoft WSE 3.0 Runtime MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser PC Connectivity Solution Printkey-Pro Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Sentinel Protection Installer 7.5.0 Skype Toolbars Skype™ 5.1 SoundMAX Spelling Dictionaries Support For Adobe Reader 9 TECDOC CD TECDOC CD 1.2011 Tech-Cat v1.40.0. tvt setup vfp9.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955704) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VW AUDI PREISE WebFldrs XP Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Internet Explorer 8 WinRAR archiver XP Codec Pack . ==== Event Viewer Messages From Past Week ======== . 22.03.2011 08:32:18, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period. 21.03.2011 18:13:05, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly. 21.03.2011 18:13:05, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly. 21.03.2011 14:04:10, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort1. 21.03.2011 14:03:03, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D. 18.03.2011 08:22:21, error: Service Control Manager [7034] - The SEDREAP service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================


    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Изглежда сте се опитали сам да си решите проблема, като сте ползвали ComboFix без да сте инструктиран от някой от нашия екип, но сте се провалили, защото проблемът ви не може да се реши от него. Все още намира се на вашата система? Имали сте и Malwarebytes, който явно не е деинсталиран правилно и имате остатъци от него. Моля, отговерете ми на въпроса, за да можем да продължим.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    вярно е ,че се опитах с Combo fleх , но вече го няма на комп-а , а за Malwarebytes не си спомням да съм имал тагава програма или е било много одавна и е останало нещо ако не е била премахната прeди преинсталиране на windows-a.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Разбира се, че е вярно, но тъй като не сте обучаван да работите с нея (впрочем се казва ComboFix), няма как да ви е особено полезна. Не знаете също, че е необходимо да се деинсталира по специфичен начин, а не да се трие директно. За Malwarebytes нямам обяснение, просто се вижда, че има остатъци от нея. Сега:

    Стъпка 1:

    • Изтеглете и стартирайте mbam-clean.exe от тук
    • Ще ви бъде поискано компютъра да бъде рестартиран, моля разрешете тази стъпка да бъде изпълнена много внимателно

    Стъпка 2:

    Изтеглете Malwarebytes' Anti-Malware от тук

    Кликнете два пъти върху mbam-setup.exe за да инсталирате програмата.

    * Уверете се, че има отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware, след това кликнете на Finish.

    * Ако има намерени по-нови обновления, тя ще ги изтегли и инсталира.

    * Стартирайте програмата и изберете "Perform Quick Scan", след това кликнете на Scan.

    * Сканирането ще отнеме малко време, затова моля бъдете търпеливи.

    * Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.

    * Уверете се, че на всички редове има отметки, и кликнете Remove Selected.

    * Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

    Бележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

    В следващия лог файл, моля включете следните лог файлове:

    • Лог файлът от Malwarebytes' Anti-Malware
    • Нов свеж лог файл от DDS (не е необходимо да добавяте и Attach.txt)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6141 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23.03.2011 16:08:04 mbam-log-2011-03-23 (16-08-04).txt Scan type: Quick scan Objects scanned: 136912 Time elapsed: 2 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Delete on reboot. Files Infected: c:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Delete on reboot. . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 16:12:34.06 on 23.03.2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1251. 359.1033.18.2038.1315 [GMT 2:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc D:\program files\TECDOC_CD\1_2011\db\tbmux32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Printkey-Pro\Printkeypro.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.mail.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [igfxtrei] c:\program files\canon\mf toolbox ver4.7\multy.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey-pro\Printkeypro.exe mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287223936864 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: {CA8394A2-5AC2-4DFD-BD8C-4D158F64F46F} = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {B086B195-A18A-1DEB-341D-64B194C70AA0} - c:\documents and settings\administrator\application data\svchos.exe s . ============= SERVICES / DRIVERS =============== . R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [2011-3-22 40480] R2 MSSQL$MICROCATLIVE;SQL Server (MICROCATLIVE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992] R2 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service;d:\program files\tecdoc_cd\1_2011\db\tbmux32.exe [2010-10-25 356352] R4 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264] S1 MpKsl38b2cc07;MpKsl38b2cc07;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d6dea34-6307-44f7-ae02-22c1f809deeb}\mpksl38b2cc07.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d6dea34-6307-44f7-ae02-22c1f809deeb}\MpKsl38b2cc07.sys [?] . =============== Created Last 30 ================ . 2011-03-23 14:02:09 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2011-03-23 14:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-23 14:02:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-23 14:01:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-23 14:01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-23 12:05:28 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7aaae025-5aca-4963-9411-c391a621bf80}\mpengine.dll 2011-03-23 11:50:13 -------- d-s---w- C:\Tool 2011-03-23 10:27:45 -------- d-sha-r- C:\cmdcons 2011-03-23 10:25:17 98816 ----a-w- c:\windows\sed.exe 2011-03-23 10:25:17 89088 ----a-w- c:\windows\MBR.exe 2011-03-23 10:25:17 256512 ----a-w- c:\windows\PEV.exe 2011-03-23 10:25:17 161792 ----a-w- c:\windows\SWREG.exe 2011-03-23 07:37:53 -------- d-----w- c:\program files\ETKA 2011-03-22 09:44:07 6656 ----a-w- c:\windows\system32\haspvdd.dll 2011-03-22 09:44:07 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys 2011-03-22 09:44:07 383 ----a-w- c:\windows\system32\haspdos.sys 2011-03-22 09:05:57 -------- d-----w- c:\windows\system32\URTTEMP 2011-03-22 08:30:40 -------- d-----w- c:\program files\MSXML 6.0 2011-03-22 08:29:04 -------- d-----w- c:\program files\Microsoft SQL Server 2011-03-22 08:28:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Infomedia 2011-03-22 08:28:36 -------- d-----w- c:\program files\Microsoft WSE 2011-03-22 08:27:50 -------- d-----w- c:\program files\Infomedia 2011-03-22 08:27:06 30208 ----a-w- c:\windows\system32\Mg32.dll 2011-03-22 08:27:06 21760 ----a-w- c:\windows\system32\Mg16.dll 2011-03-22 08:27:05 40480 ----a-w- c:\windows\system32\drivers\mgnt.sys 2011-03-15 07:08:26 828 ----a-w- c:\documents and settings\administrator\desinstart.bat 2011-03-15 07:08:26 63 ----a-w- c:\program files\dialogysclip.bat 2011-03-15 07:08:26 575 ----a-w- c:\documents and settings\administrator\desinst.bat 2011-03-15 07:08:26 156 ----a-w- c:\documents and settings\administrator\save_uninst.bat 2011-03-15 07:08:26 -------- d-----w- c:\program files\Dialogys 2011-03-15 07:08:22 -------- d-----w- c:\program files\_jvm 2011-03-14 14:30:54 -------- d-----w- c:\docume~1\admini~1\applic~1\TeamViewer 2011-03-14 14:30:49 -------- d-----w- c:\documents and settings\administrator\temp 2011-03-12 11:25:18 -------- d-----w- c:\program files\DocBackupAP 2011-03-12 10:28:39 -------- d-----w- c:\program files\SEDREAP 2011-03-12 09:55:38 -------- d-----w- c:\program files\DocBackupJRE 2011-03-12 07:40:47 -------- d-----w- c:\program files\uTorrent 2011-03-12 07:40:12 -------- d-----w- c:\docume~1\admini~1\applic~1\uTorrent 2011-03-11 11:33:09 -------- d-----w- c:\program files\Printkey-Pro . ==================== Find3M ==================== . 2011-02-12 08:34:04 875520 ----a-w- c:\windows\system32\VFP6RENU.DLL 2011-02-12 08:34:04 3370768 ----a-w- c:\windows\system32\VFP6R.DLL 2011-02-12 08:34:04 24990 ----a-w- c:\windows\system32\VFP6RUN.EXE 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 17:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-28 13:23:05 191488 ----a-w- c:\windows\system32\hlvdd.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:14:45 1864064 ----a-w- c:\windows\system32\win32k.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Maxtor_6L080M0 rev.BANC1G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x89E3B450]<< _asm { MOV EAX, 0x89e3b370; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89e3eeb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89DCCAB8] \Driver\Disk[0x89E34768] -> IRP_MJ_CREATE -> 0x89E3B450 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\Disk -> 0x89e3b450 user & kernel MBR OK Warning: possible MBR rootkit infection ! . ============= FINISH: 16:13:19.82 ===============

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    • Стартирайте отново MBRCheck.exe.
    • Ако има намерен непознат бууткод (bootcode), ще се появят няколко опции. Натиснете Y, след това ENTER за повече опции. Поставете 2 и натиснете ENTER.
    • Ще се покаже меню - Enter the physical disk number to fix (0-99, -1 to cancel). Изберете 0 и натиснете ENTER.
    • Програмата ще ви даде избор за MBR кодове. Изберете 1 за Windows XP и натиснете ENTER. След това потвърдете с Yes и натиснете ENTER.
    • После с ляв клик в горната част (където е надписа с името на програмата) изберете Edit и от менюто: Select All. Натиснете ENTER, за да копирате текста. Поставете го в Notepad и го запишете като MBRCheck results.txt на десктопа.
    • Рестартирайте компютъра.
    • Поставете съдържанието на MBRCheck results.txt в следващия си коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Много се извинявам, обърках инструкциите!

    • Изтеглете: MBRCheck.exe на вашия десктоп.
    • Спрете временно антивирусната си програма
    • Стартирайте MBRCheck.exe (за Vista и Windows 7 ще трябва да потвърдите през UAC)
    • След това на десктопа ще се появи черен прозорец
    • Ако има намерен непознат бууткод (bootcode), ще се появят няколко опции. Не ги използвайте! Само натиснете N, след това ENTER два пъти.
    • Ако няма проблеми, само натиснете ENTER
    • Ще се генерира текстов файл - MBRCheck_mm.dd.yy_hh.mm.ss на вашия десктоп (тук mm е месец, dd - ден, yyyy - година, hh - час, mm - минута и ss - секунда). Oтворете този файл, маркирайте и копирайте с десен клик Copy (Копирай или Ctrl+С) изцяло текста, който се съдържа в него. Публикувайте копирания текст с Paste (Постави) в следващия си коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003d Kernel Drivers (total 124): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xBA0A8000 hxaren.sys 0xB9ED4000 sptd.sys 0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xB9EBC000 \WINDOWS\System32\Drivers\SPTD0909.SYS 0xB9E8E000 ACPI.sys 0xB9E7D000 pci.sys 0xBA0B8000 isapnp.sys 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0C8000 MountMgr.sys 0xB9E5E000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9E38000 dmio.sys 0xBA330000 PartMgr.sys 0xBA0D8000 VolSnap.sys 0xB9E20000 atapi.sys 0xBA0E8000 disk.sys 0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9E00000 fltMgr.sys 0xB9DE9000 KSecDD.sys 0xB9D5C000 Ntfs.sys 0xB9D2F000 NDIS.sys 0xB9D15000 Mup.sys 0xBA128000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9B77000 \SystemRoot\system32\DRIVERS\ialmnt5.sys 0xB9B63000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB9B39000 \SystemRoot\system32\DRIVERS\b57xp32.sys 0xBA360000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9B15000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA368000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9AD5000 \SystemRoot\system32\drivers\smwdm.sys 0xB9AB1000 \SystemRoot\system32\drivers\portcls.sys 0xBA138000 \SystemRoot\system32\drivers\drmk.sys 0xB9A8E000 \SystemRoot\system32\drivers\ks.sys 0xB99DB000 \SystemRoot\system32\drivers\senfilt.sys 0xBA388000 \SystemRoot\system32\DRIVERS\fdc.sys 0xB99C7000 \SystemRoot\system32\DRIVERS\parport.sys 0xBA148000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA594000 \SystemRoot\system32\DRIVERS\serenum.sys 0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB997D000 \SystemRoot\System32\Drivers\dtscsi.sys 0xB9965000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0xBA7AE000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9926000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA3C0000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9915000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA3E0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB98E5000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA5B4000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9887000 \SystemRoot\system32\DRIVERS\update.sys 0xB9CC8000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA1C8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5B8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA418000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xBA580000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA67D000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5BC000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA440000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA448000 \SystemRoot\System32\drivers\vga.sys 0xBA5C0000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5C4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA458000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA590000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA96A4000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA964B000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA9623000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA95FD000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA228000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA95DB000 \SystemRoot\System32\drivers\afd.sys 0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA95B0000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA9540000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS 0xB9CCC000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA278000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA298000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBA488000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xB9877000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB986F000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xB9867000 \SystemRoot\system32\DRIVERS\usbscan.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA96FB000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA350000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA77C000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF021000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF043000 \SystemRoot\System32\ialmdev5.DLL 0xBF07E000 \SystemRoot\System32\ialmdd5.DLL 0xBF16E000 \SystemRoot\System32\ATMFD.DLL 0xA93C1000 \SystemRoot\system32\DRIVERS\WudfPf.sys 0xA9399000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA9192000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0xA90ED000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA9478000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys 0xBA634000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xA90B0000 \SystemRoot\System32\Drivers\SENTINEL.SYS 0xA8F66000 \??\C:\WINDOWS\system32\drivers\hardlock.sys 0xA8F42000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xA9229000 \??\C:\WINDOWS\system32\drivers\mgnt.sys 0xA8EC2000 \SystemRoot\system32\DRIVERS\srv.sys 0xA8A25000 \SystemRoot\system32\drivers\wdmaud.sys 0xA8C8A000 \SystemRoot\system32\drivers\sysaudio.sys 0xA8646000 \SystemRoot\System32\Drivers\HTTP.sys 0xBA378000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys 0xA8233000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 42): 0 System Idle Process 4 System 676 C:\WINDOWS\system32\smss.exe 732 C:\WINDOWS\system32\csrss.exe 756 C:\WINDOWS\system32\winlogon.exe 804 C:\WINDOWS\system32\services.exe 816 C:\WINDOWS\system32\lsass.exe 972 C:\WINDOWS\system32\svchost.exe 1052 C:\WINDOWS\system32\svchost.exe 1160 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 1212 C:\WINDOWS\system32\svchost.exe 1248 C:\WINDOWS\system32\svchost.exe 1384 C:\WINDOWS\system32\svchost.exe 1468 C:\WINDOWS\system32\svchost.exe 1592 C:\WINDOWS\system32\spoolsv.exe 196 C:\WINDOWS\system32\svchost.exe 340 C:\Program Files\Java\jre6\bin\jqs.exe 460 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 568 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe 352 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 988 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 1116 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 1128 C:\WINDOWS\system32\svchost.exe 1152 D:\program files\TECDOC_CD\1_2011\db\tbmux32.exe 2020 C:\WINDOWS\system32\alg.exe 2272 C:\WINDOWS\explorer.exe 2504 C:\WINDOWS\system32\hkcmd.exe 2512 C:\WINDOWS\system32\igfxpers.exe 2548 C:\Program Files\Analog Devices\Core\smax4pnp.exe 2564 C:\Program Files\Microsoft Security Client\msseces.exe 2592 C:\Program Files\DAEMON Tools\daemon.exe 2652 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2696 C:\Program Files\Skype\Phone\Skype.exe 2712 C:\Program Files\uTorrent\uTorrent.exe 3544 C:\Program Files\Printkey-Pro\Printkeypro.exe 3644 C:\WINDOWS\system32\svchost.exe 3652 C:\Program Files\Internet Explorer\iexplore.exe 556 C:\Program Files\Skype\Plugin Manager\skypePM.exe 2908 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3852 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3300 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 316 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: Maxtor6L080M0, Rev: BANC1G10 PhysicalDrive1 Model Number: WDCWD1600AAJS-75M0A0, Rev: 02.03E02 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A 149 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Страхотно! :)

    Изтеглете ComboFix от някой от следните линкове:

    Линк 1

    Линк 2

    * ВАЖНО !!! Запазете ComboFix.exe на вашия десктоп

    • Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

    Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

    • Преименувайте ComboFix.exe на Tool.exe

    • Стартирайте Tool.exe и следвайте инструкциите.

    Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

    • Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

    • Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

    ** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

    Публикувано изображение

    След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

    Публикувано изображение

    Изберете Yes, за да продължи сканирането за зловреден софтуер.

    Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:\ComboFix.txt в следващия Ви коментар в тази тема.

    Бележка:

    • Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
    • ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
    • ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
    • ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
    • В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

    Работата на ComboFix, може да отнеме до 20-30 минути, за да завърши, моля имайте търпение.

    Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    ComboFix 11-03-22.09 - Administrator 23.03.2011 16:54:52.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251. 359.1033.18.2038.1469 [GMT 2:00] Running from: c:\documents and settings\Administrator\Desktop\Tool.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\srsvc.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 ))))))))))))))))))))))))))))))) . . 2011-03-23 14:02 . 2011-03-23 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-03-23 14:02 . 2011-03-23 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-03-23 14:02 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-23 14:01 . 2011-03-23 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-23 14:01 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-23 12:05 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AAAE025-5ACA-4963-9411-C391A621BF80}\mpengine.dll 2011-03-23 07:37 . 2011-03-23 07:37 -------- d-----w- c:\program files\ETKA 2011-03-22 09:44 . 2011-03-22 09:44 6656 ----a-w- c:\windows\system32\haspvdd.dll 2011-03-22 09:44 . 2011-03-22 09:44 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys 2011-03-22 09:44 . 2011-03-22 09:44 383 ----a-w- c:\windows\system32\haspdos.sys 2011-03-22 09:05 . 2011-03-22 09:05 -------- d-----w- c:\windows\system32\URTTEMP 2011-03-22 08:31 . 2011-03-22 08:31 -------- d-----w- c:\program files\Microsoft.NET 2011-03-22 08:30 . 2011-03-22 08:30 -------- d-----w- c:\program files\MSXML 6.0 2011-03-22 08:29 . 2011-03-23 07:17 -------- d-----w- c:\program files\Microsoft SQL Server 2011-03-22 08:28 . 2011-03-22 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Infomedia 2011-03-22 08:28 . 2011-03-22 08:28 -------- d-----w- c:\program files\Microsoft WSE 2011-03-22 08:27 . 2011-03-22 08:27 -------- d-----w- c:\program files\Infomedia 2011-03-22 08:27 . 1998-03-03 09:45 30208 ----a-w- c:\windows\system32\Mg32.dll 2011-03-22 08:27 . 1998-03-02 13:03 21760 ----a-w- c:\windows\system32\Mg16.dll 2011-03-22 08:27 . 1998-03-03 11:55 40480 ----a-w- c:\windows\system32\drivers\mgnt.sys 2011-03-15 07:08 . 2011-03-15 07:08 -------- d-----w- c:\program files\Dialogys 2011-03-15 07:08 . 2011-03-15 07:08 828 ----a-w- c:\documents and settings\Administrator\desinstart.bat 2011-03-15 07:08 . 2011-03-15 07:08 63 ----a-w- c:\program files\dialogysclip.bat 2011-03-15 07:08 . 2011-03-15 07:08 575 ----a-w- c:\documents and settings\Administrator\desinst.bat 2011-03-15 07:08 . 2011-03-15 07:08 156 ----a-w- c:\documents and settings\Administrator\save_uninst.bat 2011-03-15 07:08 . 2011-03-15 07:08 -------- d-----w- c:\program files\_jvm 2011-03-14 14:30 . 2011-03-14 14:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer 2011-03-14 14:30 . 2011-03-14 14:30 -------- d-----w- c:\documents and settings\Administrator\temp 2011-03-12 11:25 . 2011-03-22 07:03 -------- d-----w- c:\program files\DocBackupAP 2011-03-12 10:28 . 2011-03-22 07:04 -------- d-----w- c:\program files\SEDREAP 2011-03-12 09:55 . 2011-03-12 12:27 -------- d-----w- c:\program files\DocBackupJRE 2011-03-12 09:22 . 2011-03-12 09:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-03-12 07:40 . 2011-03-12 07:40 -------- d-----w- c:\program files\uTorrent 2011-03-12 07:40 . 2011-03-23 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2011-03-11 11:33 . 2011-03-11 11:33 -------- d-----w- c:\program files\Printkey-Pro 2011-03-03 13:29 . 2011-03-03 13:29 -------- d-----w- c:\program files\Common Files\Java 2011-03-03 13:28 . 2011-03-03 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-03-01 06:06 . 2011-03-01 06:06 -------- d-----w- c:\program files\Common Files\Skype 2011-02-25 08:43 . 2011-02-25 08:43 -------- d-----w- c:\windows\Sun . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-12 08:34 . 2011-02-12 08:34 875520 ----a-w- c:\windows\system32\VFP6RENU.DLL 2011-02-12 08:34 . 2011-02-12 08:34 3370768 ----a-w- c:\windows\system32\VFP6R.DLL 2011-02-12 08:34 . 2011-02-12 08:34 24990 ----a-w- c:\windows\system32\VFP6RUN.EXE 2011-02-11 06:54 . 2011-01-31 06:38 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-02-09 13:53 . 2008-04-14 02:42 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2008-04-14 02:41 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 19:40 . 2010-10-16 08:05 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 17:19 . 2010-10-16 08:05 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2010-10-15 12:27 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-31 06:40 . 2011-01-31 06:40 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys 2011-01-31 06:38 . 2011-01-31 06:38 96384 ----a-w- c:\windows\system32\drivers\sptd0909.sys 2011-01-31 06:38 . 2011-01-31 06:38 664064 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-01-28 13:23 . 2011-01-28 13:23 191488 ----a-w- c:\windows\system32\hlvdd.dll 2011-01-27 11:57 . 2010-10-15 12:27 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:42 . 2008-04-14 02:42 439808 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2008-04-14 02:39 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:14 . 2010-09-27 09:11 1864064 ----a-w- c:\windows\system32\win32k.sys . . ------- Sigcheck ------- . . [-] 2010-09-27 . 5E1B839DF6C674B1250B1B2124699B3B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . c:\windows\System32\srsvc.dll ... is missing !! . ((((((((((((((((((((((((((((( SnapShot@2011-03-23_10.38.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-03-23 14:10 . 2011-03-23 14:10 16384 c:\windows\Temp\Perflib_Perfdata_154.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-29 136176] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-12 399224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "igfxtrei"="c:\program files\Canon\MF Toolbox Ver4.7\multy.exe" [2011-03-21 293783] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Printkey-Pro.lnk - c:\program files\Printkey-Pro\Printkeypro.exe [2000-7-14 1417728] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\DocBackupJRE\\j2re1.5.0_22\\bin\\javaw.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.01.2011 08:38 664064] R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [22.03.2011 10:27 40480] R2 MSSQL$MICROCATLIVE;SQL Server (MICROCATLIVE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.07.2008 01:02 328992] R2 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service;d:\program files\TECDOC_CD\1_2011\db\tbmux32.exe [25.10.2010 22:40 356352] S1 MpKsl38b2cc07;MpKsl38b2cc07;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D6DEA34-6307-44F7-AE02-22C1F809DEEB}\MpKsl38b2cc07.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D6DEA34-6307-44F7-AE02-22C1F809DEEB}\MpKsl38b2cc07.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B086B195-A18A-1DEB-341D-64B194C70AA0}] c:\documents and settings\Administrator\Application Data\svchos.exe [bU] . Contents of the 'Scheduled Tasks' folder . 2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-1177238915-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 10:23] . 2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-1177238915-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 10:23] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mail.com/ TCP: {CA8394A2-5AC2-4DFD-BD8C-4D158F64F46F} = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-23 17:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-484763869-1606980848-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,d3,ed,90,1e,1e,3b,4d,b3,b4,c6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,dd,3b,e9,47,47,53,42,bc,34,59,\ . [HKEY_USERS\S-1-5-21-484763869-1606980848-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2836) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\webcheck.dll . Completion time: 2011-03-23 17:02:40 ComboFix-quarantined-files.txt 2011-03-23 15:02 ComboFix2.txt 2011-03-23 10:40 . Pre-Run: 41 554 759 680 bytes free Post-Run: 41 554 841 600 bytes free . - - End Of File - - 2B633511758B3AA866102B373E53D966

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Моля, влезте в www.virustotal.com и качете следния файл:

    c:\windows\system32\sfcfiles.dll

    Изпратете го за анализ и след това публикувайте резултатите в следващия ви пост в тази тема.

    Междувременно, проверете и за файла:

    c:\windows\system32\srsvc.dll

    Някак си съм объркан по отношение на него, защото в началото ComboFix казва, че файлът е инфектиран, а в последствие изписва, че липсва, затова ви моля да направите същото и за него.

    П.П.: Време за почивка в края на деня, затова ще излезна за една разходка, по-късно ще прегледам отговора ви и ще ви дам следващите инструкции.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name: sfcfiles.dll

    Submission date: 2011-03-23 15:14:28 (UTC)

    Current status: finished

    Result: 0/ 41 (0.0%)

    VT Community

    not reviewed

    Safety score: -

    Compact

    Print results

    Antivirus Version Last Update Result

    AhnLab-V3 2011.03.24.00 2011.03.23 -

    AntiVir 7.11.5.46 2011.03.23 -

    Antiy-AVL 2.0.3.7 2011.03.22 -

    Avast 4.8.1351.0 2011.03.23 -

    Avast5 5.0.677.0 2011.03.23 -

    AVG 10.0.0.1190 2011.03.23 -

    BitDefender 7.2 2011.03.23 -

    CAT-QuickHeal 11.00 2011.03.23 -

    ClamAV 0.96.4.0 2011.03.23 -

    Commtouch 5.2.11.5 2011.03.22 -

    Comodo 8075 2011.03.23 -

    DrWeb 5.0.2.03300 2011.03.23 -

    eSafe 7.0.17.0 2011.03.22 -

    eTrust-Vet 36.1.8231 2011.03.23 -

    F-Prot 4.6.2.117 2011.03.22 -

    F-Secure 9.0.16440.0 2011.03.23 -

    Fortinet 4.2.254.0 2011.03.23 -

    GData 21 2011.03.23 -

    Ikarus T3.1.1.97.0 2011.03.23 -

    Jiangmin 13.0.900 2011.03.23 -

    K7AntiVirus 9.94.4188 2011.03.23 -

    McAfee 5.400.0.1158 2011.03.23 -

    McAfee-GW-Edition 2010.1C 2011.03.23 -

    Microsoft 1.6603 2011.03.23 -

    NOD32 5978 2011.03.23 -

    Norman 6.07.03 2011.03.23 -

    nProtect 2011-02-10.01 2011.02.15 -

    Panda 10.0.3.5 2011.03.23 -

    PCTools 7.0.3.5 2011.03.21 -

    Prevx 3.0 2011.03.23 -

    Rising 23.50.01.06 2011.03.22 -

    Sophos 4.63.0 2011.03.23 -

    SUPERAntiSpyware 4.40.0.1006 2011.03.23 -

    Symantec 20101.3.0.103 2011.03.23 -

    TheHacker 6.7.0.1.155 2011.03.23 -

    TrendMicro 9.200.0.1012 2011.03.23 -

    TrendMicro-HouseCall 9.200.0.1012 2011.03.23 -

    VBA32 3.12.14.3 2011.03.23 -

    VIPRE 8792 2011.03.23 -

    ViRobot 2011.3.23.4372 2011.03.23 -

    VirusBuster 13.6.265.0 2011.03.23 -

    Additional informationShow all

    MD5 : 5e1b839df6c674b1250b1b2124699b3b

    SHA1 : d5b72084d320dbbb730f2cf9d73c5789b1527042

    SHA256: 50a4c14754dd84177f18c8791b2067e472502db017f98d8b1c1dba1de9a22c8e

    VT Community

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!

    VirusTotal Team

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

    File name: srvsvc.dll

    Submission date: 2011-03-23 15:23:14 (UTC)

    Current status: finished

    Result: 0/ 41 (0.0%)

    VT Community

    not reviewed

    Safety score: -

    Compact

    Print results

    Antivirus Version Last Update Result

    AhnLab-V3 2011.03.24.00 2011.03.23 -

    AntiVir 7.11.5.46 2011.03.23 -

    Antiy-AVL 2.0.3.7 2011.03.22 -

    Avast 4.8.1351.0 2011.03.23 -

    Avast5 5.0.677.0 2011.03.23 -

    AVG 10.0.0.1190 2011.03.23 -

    BitDefender 7.2 2011.03.23 -

    CAT-QuickHeal 11.00 2011.03.23 -

    ClamAV 0.96.4.0 2011.03.23 -

    Commtouch 5.2.11.5 2011.03.22 -

    Comodo 8075 2011.03.23 -

    DrWeb 5.0.2.03300 2011.03.23 -

    eSafe 7.0.17.0 2011.03.22 -

    eTrust-Vet 36.1.8231 2011.03.23 -

    F-Prot 4.6.2.117 2011.03.22 -

    F-Secure 9.0.16440.0 2011.03.23 -

    Fortinet 4.2.254.0 2011.03.23 -

    GData 21 2011.03.23 -

    Ikarus T3.1.1.97.0 2011.03.23 -

    Jiangmin 13.0.900 2011.03.23 -

    K7AntiVirus 9.94.4188 2011.03.23 -

    McAfee 5.400.0.1158 2011.03.23 -

    McAfee-GW-Edition 2010.1C 2011.03.23 -

    Microsoft 1.6603 2011.03.23 -

    NOD32 5978 2011.03.23 -

    Norman 6.07.03 2011.03.23 -

    nProtect 2011-02-10.01 2011.02.15 -

    Panda 10.0.3.5 2011.03.23 -

    PCTools 7.0.3.5 2011.03.21 -

    Prevx 3.0 2011.03.23 -

    Rising 23.50.01.06 2011.03.22 -

    Sophos 4.63.0 2011.03.23 -

    SUPERAntiSpyware 4.40.0.1006 2011.03.23 -

    Symantec 20101.3.0.103 2011.03.23 -

    TheHacker 6.7.0.1.155 2011.03.23 -

    TrendMicro 9.200.0.1012 2011.03.23 -

    TrendMicro-HouseCall 9.200.0.1012 2011.03.23 -

    VBA32 3.12.14.3 2011.03.23 -

    VIPRE 8792 2011.03.23 -

    ViRobot 2011.3.23.4372 2011.03.23 -

    VirusBuster 13.6.265.0 2011.03.23 -

    Additional informationShow all

    MD5 : 3a7c3cbe5d96b8ae96ce81f0b22fb527

    SHA1 : 064dee60e5f82259247a665b59214c14496a2730

    SHA256: 0044f03132596a494448cce5f3d6ecc12617bb4cf6bae348f79d4dc40acd6ee0

    VT Community

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!

    VirusTotal Team

    Не намерих файл srsvc.dll , затова съм пуснал този щото той се доближава най близко до този който Вие искате.

    П.П.: утре ще продължим нататък

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Благодаря, обаче мен ме интересува точно определен, а не близък до него, защото това са две различни неща.

    Моля, изтеглете SystemLook от някой от следните линкове и го запазете на вашия работен плот.

    Линк #1

    Линк #2

    • Кликнете два пъти върху SystemLook.exe, за да го стартирате.
    • Копирайте следното съдържание в основното текстово поле:

      :filefind
      *srsvc*

    • Кликнете на бутона Look, за да започне сканирането.
    • Когато приключи, Notepad ще се стартира, съдържащ резултатите от сканирането. Моля, копирайте лог файла в следващия си пост в тази тема.
    Бележка: Лог файлът също може да бъде намерен на вашия работен плод под името SystemLook.txt

    Междувременно, би ли проверил и следния файл:

    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D6DEA34-6307-44F7-AE02-22C1F809DEEB}\MpKsl38b2cc07.sys

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    SystemLook 04.09.10 by jpshortstuff

    Log created at 08:30 on 24/03/2011 by Administrator

    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*srsvc*"

    No files found.

    -= EOF =-

    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D6DEA34-6307-44F7-AE02-22C1F809DEEB}\MpKsl38b2cc07.sys - и това го нямам на компютъра

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Отворете Notepad и чрез комбинацията copy/paste поставете следния текст:

    http://www.kaldata.com/forums/index.php?showtopic=174646
    
    Collect::[8]
    c:\documents and settings\Administrator\Application Data\svchos.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B086B195-A18A-1DEB-341D-64B194C70AA0}]
    

    Запазете файла с името CFScript.txt и го поставете върху ComboFix.

    Публикувано изображение

    След като, програмата приключи ще Ви изведе лог файла. Отново чрез комбинацията от Copy/Paste поставете информацията тук.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.