ZeroAccess [ПРИКЛЮЧЕН]

13 март 201214 г.

Attach: . DDS (Ver_2011-09-30.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/17/2008 8:01:35 PM System Uptime: 3/13/2012 5:37:26 PM (0 hours ago) . Motherboard: FOXCONN | | A6VMX Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket 940 | 2199/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 66.866 GiB free. D: is CDROM () E: is FIXED (NTFS) - 121 GiB total, 112.78 GiB free. F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7-Zip 4.64 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop CS Adobe Shockwave Player 11.5 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver AVG 2012 BitComet 0.56 Bluesoleil2.6.0.8 Release 070517 BurnAware Free 2.3.8 Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common ccc-core-preinstall ccc-core-static ccc-utility CCC Help English CCleaner (remove only) Diablo II DriverMax 4 GOM Player Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) ICQ Toolbar Inhatch web plugins Java Auto Updater Java 6 Update 30 Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 10.0.2 (x86 en-US) MSVC90_x86 Nokia Connectivity Cable Driver Nokia PC Suite PC Connectivity Solution Photo! Editor 1.1 PiX Pang 1.6d Realtek High Definition Audio Driver Samsung Video Codec 1.1 Uninstall Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Skins Skype™ 3.8 Softonic toolbar on IE and Chrome Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB978506) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Driver Package - Nokia Modem (02/25/2011 4.7) Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 3/7/2012 5:34:37 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA). 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Xyz777s service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Wuolservice service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Wmconnectcds service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Wfxsvc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Websensecamreportserver service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Webdriveservice service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The VirtualFD service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The UVCFTR service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Usbser service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The USBDeviceService service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The USB11LDR service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Us30sys service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ufad-ws60 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The TUWinStylerThemeSvc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Tsddd service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Trlokom_rmhsvc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Trcboot service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Tphdexlgsvc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Tmactmon service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Tgsrvc_smartagent service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The TCtrlIO service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Symappcore service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Sus2pl service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The StreamDispatcher service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The StkAMini service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Stacsv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ssmdrv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ssdiagn service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Sony_ssm.sys service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The SMNDIS5 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Slpsvdr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Slee_81_service service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The SiSGbeXP service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Shuttleengine service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Shockprf service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Servicemgr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Serialkeys service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Sentinelprotectionserver service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The SecureStorageService service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The SE2Ebus service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Se2Dnd5 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The SE27obex service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Sansaservice service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The S616nd5 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The RTSTOR service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Roxliveshare service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Rnadirmultiplexor service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Procmon10 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Procexp90 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Portmapper service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Pmshellsrv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Pktfilter service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The PhilCam8116 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Pavfnsvr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The OsaFsLoc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Oraclesnmppeermasteragent service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Oracleorahomehttpserver service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Oracleorahome90agent service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The OdysseyIM3 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Nvata service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Nsynas32 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Nsvcip service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The NsTrcNT service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Nisum service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ni_nic service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The NetwareWorkstation service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The NETw3v32 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Navex15 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Mscsptisrv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Mmc_2K service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Mirrorv3 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Mctaskmanager service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Magictuneengine service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The MA8032U service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The MA-620 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Lxby_device service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Lxbx_device service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The LVCap138 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Lktimesync service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Kpf4 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The K750bus service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Isdrv120 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ikfileflt service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ifp800 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Iclarityqosservice service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ibmsmbus service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Ialm service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Iaimfp4 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Hsf_dpv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Hsf_dp service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Hibernation service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The GoProto service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The GMSIPCI service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Fuj02b1 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Freepops service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Foldersize service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The ET5Drv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Eloggersvc6 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The EIO service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The EhttpSrv service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Dot4ufd service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The DNE service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The DN2AKNET service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Digitizer service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The DcFpoint service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Db2 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The CXTUNE service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Crystalaps service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Compaq_rba service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Cmdmon service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Citrixxteserver service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Cimnotify service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Cicsclient service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Cccredmgr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Cachemgr service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The C34nb4c5 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Bb-run service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Basfipm service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Avg7updsvc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Atkkeyboardservice service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The ATKFUSService service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The AtiHdmiService service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Aspi32 service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The As6frin service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Aolavupd service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Anydvd service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The AmeLanPc service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The Agnwifi service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The AffinegyService service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The 3c1807pd service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7023] - The {d31a0762-0ceb-444e-acff-b049a1f6fe91} service terminated with the following error: The specified module could not be found. 3/7/2012 5:34:37 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code. 3/7/2012 5:34:37 PM, error: Service Control Manager [7000] - The AG Windows Service service failed to start due to the following error: The system cannot find the path specified. 3/7/2012 5:34:37 PM, error: Service Control Manager [7000] - The AG Core Services service failed to start due to the following error: The system cannot find the path specified. 3/7/2012 5:33:20 PM, error: Workstation [5727] - Could not load RDR device driver. 3/10/2012 2:50:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 3/10/2012 2:49:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips IPSec NetBIOS NetBT Processor RasAcd Rdbss Tcpip 3/10/2012 1:23:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix BTHidMgr Fips IPSec NetBIOS NetBT Processor RasAcd Rdbss Tcpip 3/10/2012 1:23:28 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 3/10/2012 1:23:28 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/10/2012 1:23:28 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/10/2012 1:23:28 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 3/10/2012 1:22:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 3/10/2012 1:06:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor 3/10/2012 1:05:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} . ==== End Of File =========================== dds DDS (Ver_2011-09-30.01) - NTFS_x86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30 Run by Administrator at 17:51:39 on 2012-03-13 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.895.713 [GMT 2:00] . FW: Norton Internet Worm Protection *Disabled* . ============== Running Processes ================ . C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/client/unregister.html mSearchAssistant = hxxp://www.google.com/ie BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files\softonic\softonic\1.5.11.5\bh\softonic.dll TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files\softonic\softonic\1.5.11.5\softonicTlbr.dll uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE uRunOnce: [avg_spchecker] "c:\program files\avg\avg9\notification\SPChecker1.exe" /start mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{A7F79D08-18FD-4C2F-909B-97F91EC7B243} : NameServer = 78.128.82.1,193.24.240.25 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4cr7to3r.default\ FF - plugin: c:\program files\inhatchteam\inhatch\npinhatch.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] S2 AGCoreService;AG Core Services;"c:\program files\agi\core\4.2.0.10752\agcoreservice.exe" --> c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [?] S2 AGWinService;AG Windows Service;"c:\program files\agi\common\win32\pythonservice.exe" --> c:\program files\agi\common\win32\PythonService.exe [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] S2 ccproxy;Shuttleengine;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 CTMFLT;WavxDMgr;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 CTMMOUNT;Avg7updsvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ikfilesec;Hpt3xx;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 iksyssec;Pktfilter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 mcdetect.exe;Oraclesnmppeermasteragent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 mcredirector;Cicsclient;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ofcpfwsvc;Ibmsmbus;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 SbieDrv;Tsddd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 vsmon;Hsf_dp;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] S3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\drivers\btiausb.sys [2008-7-30 23808] S3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\drivers\btprot.sys [2008-8-2 453120] S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?] . =============== File Associations =============== . ShellExec: FOXITR~1.EXE: print="c:\docume~1\raini4ka\locals~1\temp\tempor~1.zip\FOXITR~1.EXE"/p "%1" ShellExec: FOXITR~1.EXE: printto="c:\docume~1\raini4ka\locals~1\temp\tempor~1.zip\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE . =============== Created Last 30 ================ . 2012-03-13 15:46:47 98992 ----a-w- c:\windows\system32\drivers\18744141.sys 2012-03-13 15:46:47 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-10 11:07:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 11:07:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-10 11:05:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla 2012-03-02 17:31:10 0 --sha-w- c:\windows\system32\dds_log_trash.cmd . ==================== Find3M ==================== . . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ExcelStor_Technology_J9250S rev.GM2OA52A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntoskrnl.exe >>UNKNOWN [0x857C68C0]<< _asm { MOV EAX, 0x857c67e0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x857a0684; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x85738AB8] \Driver\Disk[0x8569FD20] -> IRP_MJ_CREATE -> 0x857C68C0 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\Disk -> 0x857c68c0 user & kernel MBR OK Warning: possible MBR rootkit infection ! . ============= FINISH: 17:51:46.50 ===============

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

13 март 201214 г.

Здарвейте..!

Изтеглете ComboFix от тук или тук и го запазете на десктопа си.

Изключете вашата антивирусна и антишпионска програма, обикновено това става чрез натискане на десния бутон на мишката върху иконата на програма в системния трей.

Бележка: Ако не можете я спрете или не сте сигурни коя програма да изключите, моля прегледайте информацията от този линк: How to Disable your Security Programs

Стартирайте Combo-Fix.com и следвайте инструкциите.

Бележка: ComboFix ще се стартира без инсталирана Recovery Console.

Като част от неговата работа, ComboFix ще провери дали Microsoft Windows Recovery Console е инсталирана. Предвид бързо развиващия се зловреден софтуер е силно препоръчително да бъде инсталирана преди премахването на зловредния софтуер. Това ще Ви позволи да влезете в специален recovery/repair режим, който ще ни позволи по-лесно да решите проблем, който би могъл да възникне при премахване на зловредния софтуер.

Следвайте инструкциите, за да позволите на ComboFix да изтегли и инсталира Microsoft Windows Recovery Console. В един момент ще бъдете попитани дали сте съгласни с лицензното споразумение. Необходимо е да потвърдите, че сте съгласни, за да инсталирате Microsoft Windows Recovery Console.

** Забележете: Ако Microsoft Windows Recovery Console е вече инсталирана, ComboFix ще продължи към процеса по премахване на зловредния софтуер.

След като Microsoft Windows Recovery Console е инсталирана, използвайки ComboFix, Вие ще видите следното съобщение:

Изберете Yes, за да продължи сканирането за зловреден софтуер.

Когато процесът приключи успешно, инструментът ще създаде лог файл. Моля, включете съдържанието на C:\ComboFix.txt в следващия Ви коментар в тази тема.

Бележка:

Моля, не движете мишката, докато ComboFix работи. Това може да наруши процеса на работа.
ComboFix ще нулира всички настройки на Microsoft Internet Explorer, включително да направи IE браузър по подразбиране.
ComboFix ще изключи autorun функцията на ВСИЧКИ CD, Floppy и USB устройства, за да помогне при премахването на зловредния софтуер и Ви защити от бъдещи вируси/заплахи, които поразяват чрез autorun. Ако това е проблем за вас - моля, уведомете ме.
ComboFix ще изключи вашата интернет връзка. Интернет връзката ще се възстанови автоматично, преди ComboFix да завърши процеса на работа. При проблем, той ще прекрати интернет връзката. За да възстановите интернет връзката си, рестартирайте компютъра си.
В случай на проблем с ComboFix, той може да създаде лог файл. Моля, включете съдържанието на C:\BUG.txt в следващия Ви коментар в тази тема.

Моля, не прикачвайте лог файла/овете от програмата, а го/ги копирайте и поставете в следващия Ви коментар в тази тема.

Цитирай

13 март 201214 г.

Автор

това ли е?

ComboFix 12-03-13.01 - Administrator 03/13/2012 18:13:06.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.895.745 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1\U

c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1\U\800000cb.@

c:\program files\Mozilla Firefox\components\AskHPRFF.js

c:\windows\system32\dds_log_trash.cmd

c:\windows\system32\dllcache\dlimport.exe

.

Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected

Restored copy from - The cat found it

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SERVICE

-------\Legacy_SVCHOST

-------\Service_service

.

((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))

.

2012-03-13 15:46 . 2012-03-13 15:46 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-10 11:07 . 2012-03-10 11:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-10 11:07 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 11:05 . 2012-03-10 11:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-03-02 17:29 . 2012-03-13 16:17 -------- d-sh--w- c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-18 11:14 . 2011-12-14 18:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]

2012-01-11 14:29 241872 ----a-w- c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-06 297808]

"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]

.

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]

[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]

[HKEY_CLASSES_ROOT\Softonic.dskBnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Raini4ka\Start Menu\Programs\Startup\

Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-1-15 157000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2011-12-16 09:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-02-23 16:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2706:TCP"= 2706:TCP:Inhatch P2P Streaming

"2707:TCP"= 2707:TCP:Inhatch P2P Streaming

"2708:TCP"= 2708:TCP:Inhatch P2P Streaming

"2709:TCP"= 2709:TCP:Inhatch P2P Streaming

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

S2 AGCoreService;AG Core Services;"c:\program files\AGI\core\4.2.0.10752\AGCoreService.exe" --> c:\program files\AGI\core\4.2.0.10752\AGCoreService.exe [?]

S2 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" --> c:\program files\AGI\common\win32\PythonService.exe [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\drivers\btiausb.sys [7/30/2008 8:04 AM 23808]

S3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\drivers\btprot.sys [8/2/2008 9:22 AM 453120]

S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

CdaC15BA

adobeactivefilemonitor5.0

irmon

ikfilesec

smbios

PCISys

pdlnshay

dnserver32

netdevio

gotomypc

websenseclientdeployservice

lxbs_device

L6POD

com0com

sfusvc

curtainssyssvc

QWAVE

SE27mdfl

retrowdsvc

LUsbKbd

SbieDrv

dxdebug

application

snapman380

pclepci

cpqfws2e

pdlnatdl

aavmker4

se58obex

M3AD

bcserver

beatjamupnpmusicserver

cebdaldr

transarcafsdaemon

VMAUDIO

Alpham2

bridge

phnxvcdservice

regservice

CoachVc

npkcusb

i81x

RimSerPort

slimsvc

client32

symfw

epson_pm_rpcv4_01

lmimirr

vsmon

netrcacm

backupexecagentbrowser

motmodem

wg4n

CTMFLT

ofcpfwsvc

aaksrv

rt73

w800obex

uleadburninghelper

CTMMOUNT

GT680x

cpucoolserver

dlacdbhm

hpdskflt

houdiniserver

ccproxy

ScFBPNT3

tosrfusb

CTSBLFX.DLL

cdralw2k

z525bus

WmFilter

awecho

wandrv

stac97

Cinemsup

meiudf

fgdxbus

aic116x

bglivesvc

PTDCVsp

nimcdldu

SWNC5E00

SE2Emgmt

MSMQ

BUFADPT

iksyssec

HpqRemHid

ibmpmsvc

ndassvc

oracleorahomeagent

bdpredir

SECYPUSB

ATWPKT2

vzupsvc

sonypvs1

AVCSTRM

logonsvcid

ibmfilter

ood2000

se44bus

SE2Bbus

ql2100

ihcservice

UpdateCenterService

retinaengine

mwlsvc

sandradatasrv

windowblinds

djsnetcn

eamon

CAMCHALA

mcredirector

CTEAPSFX.DLL

jtagserver

snmptrapdservice

iaimtv2

wlancig

bvrp_pci

BrSerIf

radclock

ipassconnectengine

zpjava

DC21x4

ScanUSBEMPIA

adiloader

tbhsd

gtndis5

EPOWER

zd1211u(zydas)

lvprcsrv

AtiPcie

sonicatheaterinstallerservice

fallback

mcdetect.exe

VAIOMediaPlatform-PhotoServer-HTTP

sdbus

dvd-ram_service

epgspooler

USB_RNDIS

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://www.icq.com/client/unregister.html

TCP: Interfaces\{A7F79D08-18FD-4C2F-909B-97F91EC7B243}: NameServer = 78.128.82.1,193.24.240.25

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4cr7to3r.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-97307645.sys

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-13 18:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1212)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-03-13 18:21:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-13 16:21

.

Pre-Run: 71,656,161,280 bytes free

Post-Run: 72,395,689,984 bytes free

.

- - End Of File - - FA5C48DF593B282BE33988A07365CF85

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

13 март 201214 г.

Направете бекъп на регистрите.Изтеглете програмата ERUNT,инсталирате и стартирате програмата,избирате папка за съхранение,в секцията Backup options,трябва да бъдат маркирани "System registry" , "Current user registry" и "Other open user registries",натискате "Ok" и потвърждавате създаването на папка.

Описание с картинки на ERUNT: тук

Отворете notepad и с copy/paste въведете следната информация:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
  6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
  57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Запазете файла с името fix.reg.
Файла трябва да изглежда така -
Стартирайте го и изберете YES на диалоговия прозорец.
Рестартирайте компютъра си.

След горната процедура:

Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:

KILLALL::
ClearJavaCache::

Folder::
c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1

След съхранението преместете CFScript.txt на иконата на ComboFix.exe

Генерирания рапорт прикачете в следващия си пост..!

Цитирай

16 март 201214 г.

Автор

Не стана от първия път, не направи лог... чак втория. ComboFix 12-03-16.03 - Raini4ka 03.2012 г. 21:01:26.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.895.494 [GMT 2:00] Running from: c:\documents and settings\Raini4ka\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Raini4ka\Desktop\CFScript.txt.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1 c:\documents and settings\Raini4ka\Local Settings\Application Data\aa8602a1\@ . . ((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 ))))))))))))))))))))))))))))))) . . 2012-03-16 17:05 . 2012-03-16 17:05 -------- d-----w- c:\program files\ERUNT 2012-03-13 18:45 . 2012-03-13 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2012-03-13 18:45 . 2012-03-13 19:29 -------- d-----w- c:\program files\DAEMON Tools Lite 2012-03-13 18:35 . 2012-03-13 18:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-03-13 18:34 . 2012-03-13 18:51 -------- d-----w- c:\documents and settings\Raini4ka\Application Data\DAEMON Tools Lite 2012-03-10 11:07 . 2012-03-10 11:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-10 11:07 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 11:05 . 2012-03-10 11:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-18 11:14 . 2011-12-14 18:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-13_16.19.10 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-16 19:07 . 2012-03-16 19:07 16384 c:\windows\temp\Perflib_Perfdata_234.dat + 2012-03-16 17:06 . 2012-03-16 17:06 8192 c:\windows\ERDNT\16.3.2012 і\Users\00000004\UsrClass.dat + 2012-03-16 17:06 . 2012-03-16 17:06 8192 c:\windows\ERDNT\16.3.2012 і\Users\00000002\UsrClass.dat - 2008-08-17 19:48 . 2012-01-23 19:08 121336 c:\windows\system32\FNTCACHE.DAT + 2012-03-13 16:50 . 2012-03-13 16:50 121336 c:\windows\system32\FNTCACHE.DAT + 2012-03-16 17:06 . 2012-03-16 17:06 221184 c:\windows\ERDNT\16.3.2012 і\Users\00000006\UsrClass.dat + 2012-03-16 17:06 . 2012-03-16 17:06 229376 c:\windows\ERDNT\16.3.2012 і\Users\00000003\NTUSER.DAT + 2012-03-16 17:06 . 2012-03-16 17:06 229376 c:\windows\ERDNT\16.3.2012 і\Users\00000001\NTUSER.DAT + 2012-03-16 17:06 . 2005-10-20 10:02 163328 c:\windows\ERDNT\16.3.2012 і\ERDNT.EXE + 2012-03-16 17:06 . 2012-03-16 17:06 5173248 c:\windows\ERDNT\16.3.2012 і\Users\00000005\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-06 297808] . [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] [HKEY_CLASSES_ROOT\agihelper.AGUtils] [HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}] [HKEY_CLASSES_ROOT\agcutils.AGSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] 2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-06 297808] . [HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}] [HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Raini4ka\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-1-15 157000] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2011-12-16 09:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2706:TCP"= 2706:TCP:Inhatch P2P Streaming "2707:TCP"= 2707:TCP:Inhatch P2P Streaming "2708:TCP"= 2708:TCP:Inhatch P2P Streaming "2709:TCP"= 2709:TCP:Inhatch P2P Streaming . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 і. 01:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 і. 06:30 32592] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.3.2012 і. 20:35 721904] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.10.2011 і. 06:23 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 і. 01:14 295248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02.8.2011 і. 06:09 192776] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.7.2011 і. 01:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.7.2011 і. 01:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04.10.2011 і. 06:21 16720] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 і. 06:25 4433248] S3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\drivers\btiausb.sys [30.7.2008 і. 08:04 23808] S3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\drivers\btprot.sys [02.8.2008 і. 09:22 453120] S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=10&cc= uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: Interfaces\{A7F79D08-18FD-4C2F-909B-97F91EC7B243}: NameServer = 78.128.82.1,193.24.240.25 FF - ProfilePath - c:\documents and settings\Raini4ka\Application Data\Mozilla\Firefox\Profiles\6z9q3fcq.default\ FF - prefs.js: browser.search.selectedEngine - My Way FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50727 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.softonic_i.hmpg - true FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=13&cc= FF - user.js: extensions.softonic_i.dfltSrch - true FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.softonic_i.dnsErr - true FF - user.js: extensions.softonic_i.newTab - true FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=15&cc= FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.softonic_i.id - b46d9a40000000000000001167000000 FF - user.js: extensions.softonic_i.instlDay - 15377 FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5 FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5 FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.514:41 FF - user.js: extensions.softonic_i.prtnrId - softonic FF - user.js: extensions.softonic_i.prdct - softonic FF - user.js: extensions.softonic_i.aflt - SD FF - user.js: extensions.softonic_i.smplGrp - eng7 FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault FF - user.js: extensions.softonic_i.instlRef - MON00005 FF - user.js: extensions.softonic_i.dfltLng - FF - user.js: extensions.softonic_i.excTlbr - false . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-16 21:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1060) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(944) c:\windows\system32\WININET.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Webshots\webshots.scr c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-03-16 21:11:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-16 19:11 ComboFix2.txt 2012-03-13 16:21 . Pre-Run: 72 552 415 232 bytes free Post-Run: 72 551 149 568 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 54BE2C0D7F564554EE94C3D47526F51E

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

16 март 201214 г.

Моля, изтеглете aswMBR и го запазете на вашия десктоп.

Кликнете с двоен клин на мишката върху файла aswMBR.exe за да го стартирате.
Изчакайте да изтегли дефинициите на avast!
От падащото меню посочете дял C:\ както е на снимката:

Изберете Scan бутона, за да започне проверката.
Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му в следващия си коментар.

Моля,изтрийте изтрийте вашата версия на TDSSKiller , изтеглете последната версия на TDSSKiller - оттук и я запазете на вашия декстоп.

Стартирайте TDSSKiller.exe за да стартирате приложението. След това кликнете върху бутона Change parameters.
Сложете отметки пред Verify Driver Digital Signature и Detect TDLFS file system и натиснете ОК.
Натиснете бутона Start Scan.
Ако подозрителен обект бъде засечен, действието по подразбиране ще бъде Skip, кликнете върху Continue.
Ако зловредни обекти бъдат намерени, тогава от падащото меню ще имате три възможности.
Бъдете сигурни, че избраното действие е Cure и натиснете върху Continue > Рестартирайте за да бъде завършена поправката.

Забележка: Ако Cure бутона не е наличен от възможностите, тогава моля изберете Skip бутона, не избирайте Delete освен ако не сте инструктирани затова.
Лог файл ще бъде създаден в свободната директория на дял C:\ . Потърсете за лог с името "TDSSKiller.[Version]_[Date]_[Time]_log.txt" и копирайте съдържанието му в следващия си пост.

Цитирай

16 март 201214 г.

Автор

aswMBR version Run date: 2012-03-16 21:24:04 ----------------------------- 21:24:04.828 21:24:04.828 21:24:04.828 21:24:05.140 Initialize success 21:26:15.953 21:28:58.203 21:28:58.203 21:28:58.218 21:28:58.218 Disk 0 MBR scan 21:28:58.234 21:28:58.234 21:28:58.265 21:28:58.265 21:28:58.343 21:29:09.328 Service scanning 21:29:21.750 21:29:25.390 Modules scanning 21:29:32.437 21:29:32.468 21:29:32.468 21:29:32.468 21:29:32.468 21:29:32.750 AVAST engine scan C:\ 21:40:35.187 21:40:35.921 22:07:02.171 22:12:47.218 22:12:47.234 22:14:04.0281 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 SystemInfo: 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 22:14:04.0406 1216 Page size: 0x1000 22:14:04.0406 1216 22:14:04.0406 1216 22:14:06.0546 1216 22:14:06.0562 1216 22:14:06.0562 1216 MBR used 22:14:06.0562 1216 22:14:06.0562 1216 22:14:06.0609 1216 22:14:06.0609 1216 22:14:19.0453 0984 22:14:19.0453 0984 Scan started 22:14:19.0453 0984 22:14:19.0453 0984 22:14:19.0671 0984 Abiosdsk - ok 22:14:19.0687 0984 abp480n5 - ok 22:14:19.0734 0984 22:14:20.0390 0984 ACPI - ok 22:14:20.0453 0984 22:14:20.0593 0984 ACPIEC - ok 22:14:20.0593 0984 adpu160m - ok 22:14:20.0640 0984 22:14:20.0765 0984 aec - ok 22:14:20.0812 0984 22:14:20.0875 0984 AFD - ok 22:14:20.0937 0984 Aha154x - ok 22:14:20.0953 0984 aic78u2 - ok 22:14:20.0968 0984 aic78xx - ok 22:14:20.0968 0984 AliIde - ok 22:14:20.0984 0984 amsint - ok 22:14:21.0000 0984 asc - ok 22:14:21.0015 0984 asc3350p - ok 22:14:21.0015 0984 asc3550 - ok 22:14:21.0046 0984 22:14:21.0171 0984 AsyncMac - ok 22:14:21.0203 0984 22:14:21.0328 0984 atapi - ok 22:14:21.0328 0984 Atdisk - ok 22:14:21.0437 0984 22:14:21.0562 0984 ati2mtag - ok 22:14:21.0640 0984 22:14:21.0765 0984 Atmarpc - ok 22:14:21.0812 0984 22:14:21.0937 0984 audstub - ok 22:14:21.0984 0984 22:14:22.0015 0984 AVGIDSDriver - ok 22:14:22.0078 0984 22:14:22.0093 0984 AVGIDSEH - ok 22:14:22.0109 0984 22:14:22.0109 0984 AVGIDSFilter - ok 22:14:22.0125 0984 22:14:22.0125 0984 AVGIDSShim - ok 22:14:22.0140 0984 22:14:22.0156 0984 Avgldx86 - ok 22:14:22.0187 0984 22:14:22.0203 0984 Avgmfx86 - ok 22:14:22.0234 0984 22:14:22.0250 0984 Avgrkx86 - ok 22:14:22.0265 0984 22:14:22.0281 0984 Avgtdix - ok 22:14:22.0343 0984 22:14:22.0500 0984 Beep - ok 22:14:22.0562 0984 22:14:22.0562 0984 BlueletAudio - ok 22:14:22.0593 0984 22:14:22.0593 0984 22:14:22.0640 0984 22:14:22.0640 0984 BT - ok 22:14:22.0671 0984 22:14:22.0687 0984 Btcsrusb - ok 22:14:22.0718 0984 22:14:22.0734 0984 BTHidEnum - ok 22:14:22.0734 0984 22:14:22.0750 0984 BTHidMgr - ok 22:14:22.0796 0984 22:14:22.0843 0984 BTIAUSB - ok 22:14:22.0937 0984 22:14:22.0953 0984 BTNetFilter - ok 22:14:23.0046 0984 22:14:23.0078 0984 BTPROT - ok 22:14:23.0093 0984 catchme - ok 22:14:23.0140 0984 22:14:23.0281 0984 cbidf2k - ok 22:14:23.0328 0984 cd20xrnt - ok 22:14:23.0343 0984 22:14:23.0500 0984 Cdaudio - ok 22:14:23.0531 0984 22:14:23.0640 0984 Cdfs - ok 22:14:23.0671 0984 22:14:23.0796 0984 Cdrom - ok 22:14:23.0859 0984 Changer - ok 22:14:23.0875 0984 CmdIde - ok 22:14:23.0906 0984 Cpqarray - ok 22:14:23.0937 0984 dac2w2k - ok 22:14:23.0953 0984 dac960nt - ok 22:14:24.0015 0984 22:14:24.0109 0984 Disk - ok 22:14:24.0156 0984 22:14:24.0296 0984 dmboot - ok 22:14:24.0343 0984 22:14:24.0468 0984 dmio - ok 22:14:24.0515 0984 22:14:24.0656 0984 dmload - ok 22:14:24.0703 0984 22:14:24.0828 0984 DMusic - ok 22:14:24.0859 0984 dpti2o - ok 22:14:24.0890 0984 22:14:25.0000 0984 drmkaud - ok 22:14:25.0078 0984 22:14:25.0203 0984 Fastfat - ok 22:14:25.0218 0984 22:14:25.0343 0984 Fdc - ok 22:14:25.0375 0984 22:14:25.0484 0984 Fips - ok 22:14:25.0531 0984 22:14:25.0656 0984 Flpydisk - ok 22:14:25.0703 0984 22:14:25.0812 0984 FltMgr - ok 22:14:25.0859 0984 22:14:26.0000 0984 Fs_Rec - ok 22:14:26.0062 0984 22:14:26.0203 0984 Ftdisk - ok 22:14:26.0203 0984 FXDrv32 - ok 22:14:26.0250 0984 22:14:26.0343 0984 Gpc - ok 22:14:26.0421 0984 22:14:26.0531 0984 HDAudBus - ok 22:14:26.0578 0984 22:14:26.0687 0984 HidUsb - ok 22:14:26.0734 0984 hpn - ok 22:14:26.0796 0984 22:14:26.0843 0984 HTTP - ok 22:14:26.0859 0984 i2omgmt - ok 22:14:26.0875 0984 i2omp - ok 22:14:26.0906 0984 22:14:27.0281 0984 i8042prt - ok 22:14:27.0359 0984 22:14:27.0468 0984 Imapi - ok 22:14:27.0484 0984 ini910u - ok 22:14:27.0609 0984 22:14:27.0828 0984 22:14:27.0875 0984 IntelIde - ok 22:14:27.0906 0984 22:14:28.0031 0984 Ip6Fw - ok 22:14:28.0078 0984 22:14:28.0218 0984 22:14:28.0281 0984 22:14:28.0390 0984 IpInIp - ok 22:14:28.0421 0984 22:14:28.0531 0984 IpNat - ok 22:14:28.0562 0984 22:14:28.0656 0984 IPSec - ok 22:14:28.0687 0984 22:14:28.0781 0984 IRENUM - ok 22:14:28.0875 0984 22:14:28.0984 0984 isapnp - ok 22:14:29.0031 0984 22:14:29.0125 0984 Kbdclass - ok 22:14:29.0140 0984 22:14:29.0250 0984 kmixer - ok 22:14:29.0265 0984 22:14:29.0312 0984 KSecDD - ok 22:14:29.0375 0984 lbrtfdc - ok 22:14:29.0468 0984 22:14:29.0609 0984 mnmdd - ok 22:14:29.0656 0984 22:14:29.0765 0984 Modem - ok 22:14:29.0812 0984 22:14:29.0921 0984 Mouclass - ok 22:14:29.0984 0984 22:14:30.0125 0984 mouhid - ok 22:14:30.0171 0984 22:14:30.0281 0984 MountMgr - ok 22:14:30.0296 0984 mraid35x - ok 22:14:30.0312 0984 22:14:30.0421 0984 MRxDAV - ok 22:14:30.0484 0984 22:14:30.0593 0984 Msfs - ok 22:14:30.0625 0984 22:14:30.0734 0984 MSKSSRV - ok 22:14:30.0765 0984 22:14:30.0875 0984 MSPCLOCK - ok 22:14:30.0937 0984 22:14:31.0046 0984 MSPQM - ok 22:14:31.0093 0984 22:14:31.0203 0984 mssmbios - ok 22:14:31.0250 0984 22:14:31.0281 0984 Mup - ok 22:14:31.0390 0984 22:14:31.0500 0984 NDIS - ok 22:14:31.0546 0984 22:14:31.0562 0984 NdisTapi - ok 22:14:31.0593 0984 22:14:31.0703 0984 Ndisuio - ok 22:14:31.0828 0984 22:14:31.0937 0984 NdisWan - ok 22:14:32.0000 0984 22:14:32.0031 0984 NDProxy - ok 22:14:32.0093 0984 22:14:32.0218 0984 NetBIOS - ok 22:14:32.0265 0984 22:14:32.0375 0984 NetBT - ok 22:14:32.0421 0984 22:14:32.0531 0984 Npfs - ok 22:14:32.0593 0984 22:14:32.0750 0984 Ntfs - ok 22:14:32.0812 0984 22:14:32.0953 0984 Null - ok 22:14:32.0984 0984 22:14:33.0125 0984 NwlnkFlt - ok 22:14:33.0156 0984 22:14:33.0281 0984 NwlnkFwd - ok 22:14:33.0343 0984 22:14:33.0437 0984 Parport - ok 22:14:33.0500 0984 22:14:33.0609 0984 PartMgr - ok 22:14:33.0640 0984 22:14:33.0765 0984 ParVdm - ok 22:14:33.0843 0984 22:14:33.0875 0984 pccsmcfd - ok 22:14:33.0953 0984 22:14:34.0062 0984 PCI - ok 22:14:34.0093 0984 PCIDump - ok 22:14:34.0125 0984 22:14:34.0265 0984 PCIIde - ok 22:14:34.0296 0984 22:14:34.0406 0984 Pcmcia - ok 22:14:34.0437 0984 PDCOMP - ok 22:14:34.0453 0984 PDFRAME - ok 22:14:34.0468 0984 PDRELI - ok 22:14:34.0468 0984 PDRFRAME - ok 22:14:34.0484 0984 perc2 - ok 22:14:34.0500 0984 perc2hib - ok 22:14:34.0546 0984 22:14:34.0656 0984 PptpMiniport - ok 22:14:34.0687 0984 22:14:34.0796 0984 Processor - ok 22:14:34.0812 0984 22:14:34.0921 0984 PSched - ok 22:14:34.0953 0984 22:14:35.0078 0984 Ptilink - ok 22:14:35.0125 0984 22:14:35.0140 0984 PxHelp20 - ok 22:14:35.0156 0984 ql1080 - ok 22:14:35.0171 0984 Ql10wnt - ok 22:14:35.0187 0984 ql12160 - ok 22:14:35.0187 0984 ql1240 - ok 22:14:35.0203 0984 ql1280 - ok 22:14:35.0234 0984 22:14:35.0375 0984 RasAcd - ok 22:14:35.0421 0984 22:14:35.0531 0984 Rasl2tp - ok 22:14:35.0562 0984 22:14:35.0687 0984 RasPppoe - ok 22:14:35.0718 0984 22:14:35.0843 0984 Raspti - ok 22:14:35.0875 0984 22:14:36.0000 0984 Rdbss - ok 22:14:36.0015 0984 22:14:36.0140 0984 RDPCDD - ok 22:14:36.0203 0984 22:14:36.0328 0984 rdpdr - ok 22:14:36.0390 0984 22:14:36.0437 0984 RDPWD - ok 22:14:36.0500 0984 22:14:36.0609 0984 redbook - ok 22:14:36.0687 0984 22:14:36.0828 0984 ROOTMODEM - ok 22:14:36.0875 0984 22:14:36.0921 0984 RTLE8023xp - ok 22:14:37.0046 0984 22:14:37.0156 0984 Secdrv - ok 22:14:37.0218 0984 22:14:37.0328 0984 serenum - ok 22:14:37.0359 0984 22:14:37.0468 0984 Serial - ok 22:14:37.0546 0984 22:14:37.0656 0984 Sfloppy - ok 22:14:37.0671 0984 Simbad - ok 22:14:37.0703 0984 Sparrow - ok 22:14:37.0750 0984 22:14:37.0843 0984 splitter - ok 22:14:37.0890 0984 22:14:37.0890 0984 22:14:37.0890 0984 22:14:37.0890 0984 22:14:37.0953 0984 22:14:38.0062 0984 sr - ok 22:14:38.0125 0984 22:14:38.0218 0984 Srv - ok 22:14:38.0281 0984 22:14:38.0390 0984 swenum - ok 22:14:38.0437 0984 22:14:38.0562 0984 swmidi - ok 22:14:38.0578 0984 symc810 - ok 22:14:38.0578 0984 symc8xx - ok 22:14:38.0593 0984 sym_hi - ok 22:14:38.0609 0984 sym_u3 - ok 22:14:38.0625 0984 22:14:38.0750 0984 sysaudio - ok 22:14:38.0796 0984 22:14:38.0906 0984 Tcpip - ok 22:14:39.0000 0984 22:14:39.0109 0984 TDPIPE - ok 22:14:39.0140 0984 22:14:39.0250 0984 TDTCP - ok 22:14:39.0265 0984 22:14:39.0375 0984 TermDD - ok 22:14:39.0437 0984 TosIde - ok 22:14:39.0500 0984 22:14:39.0609 0984 Udfs - ok 22:14:39.0625 0984 ultra - ok 22:14:39.0671 0984 22:14:39.0812 0984 Update - ok 22:14:39.0875 0984 22:14:39.0984 0984 usbehci - ok 22:14:40.0015 0984 22:14:40.0125 0984 usbhub - ok 22:14:40.0140 0984 22:14:40.0234 0984 usbohci - ok 22:14:40.0265 0984 22:14:40.0390 0984 usbprint - ok 22:14:40.0468 0984 22:14:40.0578 0984 usbscan - ok 22:14:40.0593 0984 22:14:40.0703 0984 USBSTOR - ok 22:14:40.0765 0984 22:14:40.0765 0984 VComm - ok 22:14:40.0781 0984 22:14:40.0796 0984 VcommMgr - ok 22:14:40.0906 0984 22:14:41.0015 0984 VgaSave - ok 22:14:41.0015 0984 ViaIde - ok 22:14:41.0046 0984 22:14:41.0156 0984 VolSnap - ok 22:14:41.0203 0984 22:14:41.0312 0984 Wanarp - ok 22:14:41.0359 0984 22:14:41.0390 0984 Wdf01000 - ok 22:14:41.0437 0984 WDICA - ok 22:14:41.0484 0984 22:14:41.0578 0984 wdmaud - ok 22:14:41.0671 0984 22:14:41.0812 0984 WS2IFSL - ok 22:14:41.0843 0984 22:14:41.0890 0984 WudfPf - ok 22:14:41.0953 0984 22:14:41.0984 0984 WudfRd - ok 22:14:42.0031 0984 22:14:42.0234 0984 22:14:42.0234 0984 22:14:42.0234 0984 22:14:42.0265 0984 22:14:42.0265 0984 22:14:42.0265 0984 22:14:42.0265 0984 Scan finished 22:14:42.0265 0984 22:14:42.0390 1360 22:14:42.0390 1360 22:15:16.0812 1360 22:15:16.0812 1360 22:15:35.0796 2228 0.9.9.1665 Copyright© 2011 AVAST Software OS Version: Windows 5.1.2600 Service Pack 3 Number of processors: 2 586 0x6B02 ComputerName: RAINI4KA-014ACF UserName: Raini4ka AVAST engine defs: 12031600 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Disk 0 Vendor: ExcelStor_Technology_J9250S GM2OA52A Size: 238475MB BusType: 3 Disk 0 MBR read successfully Disk 0 Windows XP default MBR code Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114329 MB offset 63 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 124142 MB offset 234147375 Disk 0 scanning sectors +488392065 Disk 0 scanning C:\WINDOWS\system32\drivers Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 Disk 0 trace - called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfh.sys >>UNKNOWN [0x85587938]<< 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8547eab8] 3 CLASSPNP.SYS[f75dcfd7] -> nt!IofCallDriver -> \Device\0000007e[0x8553e510] 5 ACPI.sys[f735a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85483940] File: C:\Qoobox\Quarantine\C\Documents and Settings\Raini4ka\Local Settings\Application Data\aa8602a1\U\[email protected] **INFECTED** Win32:Sirefef-AO [Rtk] File: C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir **INFECTED** Win32:Sirefef-PA [Rtk] Scan finished successfully Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Raini4ka\Desktop\MBR.dat" The log file has been saved successfully to "C:\Documents and Settings\Raini4ka\Desktop\aswMBR.txt" TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 ============================================================ Current date / time: 2012/03/16 22:14:04.0406 OS Version: 5.1.2600 ServicePack: 3.0 Product type: Workstation ComputerName: RAINI4KA-014ACF UserName: Raini4ka Windows directory: C:\WINDOWS System windows directory: C:\WINDOWS Processor architecture: Intel x86 Number of processors: 2 Boot type: Normal boot ============================================================ Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 \Device\Harddisk0\DR0: \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF4CDF0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDF4CE2F, BlocksNum 0xF277752 Initialize success ============================================================ ============================================================ Mode: Manual; SigCheck; TDLFS; ============================================================ ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys ati2mtag (9a6bfd014090c96a2f3708d98e5a3f40) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys BlueletSCOAudio - ok BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys BTIAUSB (decb9dc9082d2bfb15b6010a94b48c40) C:\WINDOWS\system32\DRIVERS\btiausb.sys BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys BTPROT (fda982f929c6fb8da98bd27e96f0e618) C:\WINDOWS\system32\DRIVERS\btprot.sys cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys IntcAzAudAddService - ok Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys IpFilterDriver - ok IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys RTLE8023xp (3400495f5b219d5153c770a95499579c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9 sptd ( LockedFile.Multi.Generic ) - warning sptd - detected LockedFile.Multi.Generic (1) sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 \Device\Harddisk0\DR0 - ok Boot (0x1200) (e80369fd896a59daeefabd5e1a316fcc) \Device\Harddisk0\DR0\Partition0 \Device\Harddisk0\DR0\Partition0 - ok Boot (0x1200) (876232f233e786cbf1bfc0cdd86afbbf) \Device\Harddisk0\DR0\Partition1 \Device\Harddisk0\DR0\Partition1 - ok ============================================================ ============================================================ Detected object count: 1 Actual detected object count: 1 sptd ( LockedFile.Multi.Generic ) - skipped by user sptd ( LockedFile.Multi.Generic ) - User select action: Skip Deinitialize success

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

17 март 201214 г.

Прекрасно..!

Изтеглете OTL.exe и го запазете на десктопа.

Стартирайте OTL (ако е необходимо, потвърдете през UAC).
Направете следните настройки:
Сложете отметка пред Scan All Users
Под менюто File Age => изберете 90 days
Под менюто Standard Registry => променете на ALL
Сложете отметки пред LOP и Purity Check

Под

с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop

Натиснете маркираният в синьо бутон: Run Scan.
Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията "прикачени файлове", когато публикувате мнение).

Цитирай

19 март 201214 г.

Автор

Заповядайте!

OTL.Txt

Extras.Txt

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

19 март 201214 г.

Стартирайте отново OTL, копирайте (Copy) и поставете (Paste) скриптовия текст от текстовото поле по-долу под колонката Custom Scans/Fixes, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта.

:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CSRBC.dll -- (zpjava)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvalz.dll -- (zd1211u(zydas))
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLWriter.dll -- (z525bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskservice.dll -- (WmFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqalert.dll -- (wlancig)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sis162u.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmap.dll -- (wg4n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clsched.dll -- (websenseclientdeployservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pcatip.dll -- (wandrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UDFReadr.dll -- (w800obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\InterBaseServer.dll -- (vzupsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icraplus.dll -- (vsmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btfirst.dll -- (VMAUDIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsf_dpv.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATWPKT2.dll -- (USB_RNDIS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\2wirepcp.dll -- (UpdateCenterService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotshim.dll -- (uleadburninghelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcnet.dll -- (transarcafsdaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenseuserservice.dll -- (tosrfusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SISNICXP.dll -- (tbhsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HidBth.dll -- (symfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NwSapAgent.dll -- (SWNC5E00)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (stac97)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SISNICXP.dll -- (sonypvs1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uphclean.dll -- (sonicatheaterinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mdm.dll -- (snmptrapdservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssm_bus.dll -- (snapman380)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atitool.dll -- (smbios)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp90.dll -- (slimsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UsbserFilt.dll -- (sfusvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrvw245.dll -- (SECYPUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmpu401.dll -- (se58obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dklogger.dll -- (se44bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\idsvc.dll -- (SE2Emgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59mgmt.dll -- (SE2Bbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lgsnd_filter.dll -- (SE27mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AtlsAud.dll -- (sdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrjd31d.dll -- (ScFBPNT3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskssrv.dll -- (ScanUSBEMPIA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JRAID.dll -- (SbieDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaide.dll -- (sandradatasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcf_device.dll -- (rt73)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2End5.dll -- (RimSerPort)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netw4x32.dll -- (retrowdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmgmt.dll -- (retinaengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clisvc.dll -- (regservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eaps2kbd.dll -- (radclock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wtwservice.dll -- (QWAVE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Maplom.dll -- (ql2100)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sffdisk.dll -- (PTDCVsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\battc.dll -- (phnxvcdservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdpass.dll -- (pdlnshay)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pivot.dll -- (pdlnatdl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (pclepci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XAudio.dll -- (PCISys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvdcodec.dll -- (oracleorahomeagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmigameport.dll -- (ood2000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eskerlicensecontrol.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxhttp.dll -- (npkcusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATSWPDRV.dll -- (nimcdldu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flpydisk.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvrd64.dll -- (netdevio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USRpdA.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issuser.dll -- (mwlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\syntp.dll -- (MSMQ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NxNetMon.dll -- (motmodem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvpr2mon.dll -- (meiudf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecrpcservice.dll -- (mcredirector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ziptoa.dll -- (mcdetect.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfbnp.dll -- (M3AD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsapint.dll -- (lxbs_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotwatcher.dll -- (lvprcsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcc_device.dll -- (LUsbKbd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trayman.dll -- (logonsvcid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (lmimirr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (L6POD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmpci.dll -- (jtagserver)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\irmon.dll -- (irmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UDFReadr.dll -- (ipassconnectengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\d-link_st3402.dll -- (iksyssec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TCtrlIO.dll -- (ikfilesec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bufserv.dll -- (ihcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (ibmpmsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgfilter.dll -- (ibmfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDIS.dll -- (iaimtv2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp3.dll -- (i81x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndoem.dll -- (HpqRemHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tiwlnsvc.dll -- (hpdskflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmmdfl.dll -- (houdiniserver)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavdrv.dll -- (gtndis5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n558.dll -- (GT680x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netmnt.dll -- (gotomypc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eliservice.dll -- (fgdxbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBEMPIA.dll -- (fallback)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MobilePreInstallerService.dll -- (epson_pm_rpcv4_01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pmsveh.dll -- (EPOWER)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_prt_f.dll -- (epgspooler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716nd5.dll -- (eamon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webrootenterpriseclientservice.dll -- (dxdebug)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AR5523.dll -- (dvd-ram_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsengine.dll -- (dnserver32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sisperf.dll -- (dlacdbhm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcd_device.dll -- (djsnetcn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$soshome22.dll -- (DC21x4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbio.dll -- (curtainssyssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (CTSBLFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssrtln.dll -- (CTMMOUNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (CTMFLT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBEMPIA.dll -- (CTEAPSFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TryAndDecideService.dll -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\erecoveryservice.dll -- (cpqfws2e)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSDrv4.dll -- (com0com)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxhelp20.dll -- (CoachVc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ca-messagequeuing.dll -- (client32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MASPINT.dll -- (Cinemsup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mdfl.dll -- (cebdaldr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DN2AKNET.dll -- (cdralw2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmmdm.dll -- (CdaC15BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\processor.dll -- (ccproxy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mgmt.dll -- (CAMCHALA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lmouflt2.dll -- (bvrp_pci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wwnetdde.dll -- (BUFADPT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ofcpfwsvc.dll -- (BrSerIf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecdevicemediaservice.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmp54gv4svc.dll -- (bglivesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$MICROSOFTSMLBIZ.dll -- (beatjamupnpmusicserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\liveupdate.dll -- (bdpredir)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Mvc25U870_VID_1262&PID_25FD.dll -- (bcserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnslea.dll -- (backupexecagentbrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vzupsvc.dll -- (AVCSTRM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qserver.dll -- (ATWPKT2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acs.dll -- (AtiPcie)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mdm.dll -- (application)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndis.dll -- (Alpham2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (aic116x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transcode360.dll -- (adobeactivefilemonitor5.0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (adiloader)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (aavmker4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\autocomplete.dll -- (aaksrv)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.

:Reg

:files

autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[Reboot]

След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

Цитирай

20 март 201214 г.

Автор

All processes killed

========== OTL ==========

Service zpjava stopped successfully!

Service zpjava deleted successfully!

File %systemroot%\system32\CSRBC.dll not found.

Service zd1211u(zydas) stopped successfully!

Service zd1211u(zydas) deleted successfully!

File %systemroot%\system32\tvalz.dll not found.

Service z525bus stopped successfully!

Service z525bus deleted successfully!

File %systemroot%\system32\SQLWriter.dll not found.

Service WmFilter stopped successfully!

Service WmFilter deleted successfully!

File %systemroot%\system32\mskservice.dll not found.

Service wlancig stopped successfully!

Service wlancig deleted successfully!

File %systemroot%\system32\cpqalert.dll not found.

Service windowblinds stopped successfully!

Service windowblinds deleted successfully!

File %systemroot%\system32\sis162u.dll not found.

Service wg4n stopped successfully!

Service wg4n deleted successfully!

File %systemroot%\system32\nmap.dll not found.

Service websenseclientdeployservice stopped successfully!

Service websenseclientdeployservice deleted successfully!

File %systemroot%\system32\clsched.dll not found.

Service wandrv stopped successfully!

Service wandrv deleted successfully!

File %systemroot%\system32\Pcatip.dll not found.

Service w800obex stopped successfully!

Service w800obex deleted successfully!

File %systemroot%\system32\UDFReadr.dll not found.

Service vzupsvc stopped successfully!

Service vzupsvc deleted successfully!

File %systemroot%\system32\InterBaseServer.dll not found.

Service vsmon stopped successfully!

Service vsmon deleted successfully!

File %systemroot%\system32\icraplus.dll not found.

Service VMAUDIO stopped successfully!

Service VMAUDIO deleted successfully!

File %systemroot%\system32\btfirst.dll not found.

Service VAIOMediaPlatform-PhotoServer-HTTP stopped successfully!

Service VAIOMediaPlatform-PhotoServer-HTTP deleted successfully!

File %systemroot%\system32\hsf_dpv.dll not found.

Service USB_RNDIS stopped successfully!

Service USB_RNDIS deleted successfully!

File %systemroot%\system32\ATWPKT2.dll not found.

Service UpdateCenterService stopped successfully!

Service UpdateCenterService deleted successfully!

File %systemroot%\system32\2wirepcp.dll not found.

Service uleadburninghelper stopped successfully!

Service uleadburninghelper deleted successfully!

File %systemroot%\system32\symantecantibotshim.dll not found.

Service transarcafsdaemon stopped successfully!

Service transarcafsdaemon deleted successfully!

File %systemroot%\system32\pcnet.dll not found.

Service tosrfusb stopped successfully!

Service tosrfusb deleted successfully!

File %systemroot%\system32\websenseuserservice.dll not found.

Service tbhsd stopped successfully!

Service tbhsd deleted successfully!

File %systemroot%\system32\SISNICXP.dll not found.

Service symfw stopped successfully!

Service symfw deleted successfully!

File %systemroot%\system32\HidBth.dll not found.

Service SWNC5E00 stopped successfully!

Service SWNC5E00 deleted successfully!

File %systemroot%\system32\NwSapAgent.dll not found.

Service stac97 stopped successfully!

Service stac97 deleted successfully!

File %systemroot%\system32\phnxvcdservice.dll not found.

Service sonypvs1 stopped successfully!

Service sonypvs1 deleted successfully!

File %systemroot%\system32\SISNICXP.dll not found.

Service sonicatheaterinstallerservice stopped successfully!

Service sonicatheaterinstallerservice deleted successfully!

File %systemroot%\system32\uphclean.dll not found.

Service snmptrapdservice stopped successfully!

Service snmptrapdservice deleted successfully!

File %systemroot%\system32\s716mdm.dll not found.

Service snapman380 stopped successfully!

Service snapman380 deleted successfully!

File %systemroot%\system32\ssm_bus.dll not found.

Service smbios stopped successfully!

Service smbios deleted successfully!

File %systemroot%\system32\atitool.dll not found.

Service slimsvc stopped successfully!

Service slimsvc deleted successfully!

File %systemroot%\system32\procexp90.dll not found.

Service sfusvc stopped successfully!

Service sfusvc deleted successfully!

File %systemroot%\system32\UsbserFilt.dll not found.

Service SECYPUSB stopped successfully!

Service SECYPUSB deleted successfully!

File %systemroot%\system32\mrvw245.dll not found.

Service se58obex stopped successfully!

Service se58obex deleted successfully!

File %systemroot%\system32\nvmpu401.dll not found.

Service se44bus stopped successfully!

Service se44bus deleted successfully!

File %systemroot%\system32\dklogger.dll not found.

Service SE2Emgmt stopped successfully!

Service SE2Emgmt deleted successfully!

File %systemroot%\system32\idsvc.dll not found.

Service SE2Bbus stopped successfully!

Service SE2Bbus deleted successfully!

File %systemroot%\system32\se59mgmt.dll not found.

Service SE27mdfl stopped successfully!

Service SE27mdfl deleted successfully!

File %systemroot%\system32\lgsnd_filter.dll not found.

Service sdbus stopped successfully!

Service sdbus deleted successfully!

File %systemroot%\system32\AtlsAud.dll not found.

Service ScFBPNT3 stopped successfully!

Service ScFBPNT3 deleted successfully!

File %systemroot%\system32\lxrjd31d.dll not found.

Service ScanUSBEMPIA stopped successfully!

Service ScanUSBEMPIA deleted successfully!

File %systemroot%\system32\mskssrv.dll not found.

Service SbieDrv stopped successfully!

Service SbieDrv deleted successfully!

File %systemroot%\system32\JRAID.dll not found.

Service sandradatasrv stopped successfully!

Service sandradatasrv deleted successfully!

File %systemroot%\system32\viaide.dll not found.

Service rt73 stopped successfully!

Service rt73 deleted successfully!

File %systemroot%\system32\dlcf_device.dll not found.

Service RimSerPort stopped successfully!

Service RimSerPort deleted successfully!

File %systemroot%\system32\se2End5.dll not found.

Service retrowdsvc stopped successfully!

Service retrowdsvc deleted successfully!

File %systemroot%\system32\netw4x32.dll not found.

Service retinaengine stopped successfully!

Service retinaengine deleted successfully!

File %systemroot%\system32\SE2Bmgmt.dll not found.

Service regservice stopped successfully!

Service regservice deleted successfully!

File %systemroot%\system32\clisvc.dll not found.

Service radclock stopped successfully!

Service radclock deleted successfully!

File %systemroot%\system32\eaps2kbd.dll not found.

Service QWAVE stopped successfully!

Service QWAVE deleted successfully!

File %systemroot%\system32\wtwservice.dll not found.

Service ql2100 stopped successfully!

Service ql2100 deleted successfully!

File %systemroot%\system32\Maplom.dll not found.

Service PTDCVsp stopped successfully!

Service PTDCVsp deleted successfully!

File %systemroot%\system32\sffdisk.dll not found.

Service phnxvcdservice stopped successfully!

Service phnxvcdservice deleted successfully!

File %systemroot%\system32\battc.dll not found.

Service pdlnshay stopped successfully!

Service pdlnshay deleted successfully!

File %systemroot%\system32\incdpass.dll not found.

Service pdlnatdl stopped successfully!

Service pdlnatdl deleted successfully!

File %systemroot%\system32\pivot.dll not found.

Service pclepci stopped successfully!

Service pclepci deleted successfully!

File %systemroot%\system32\dktknsrv.dll not found.

Service PCISys stopped successfully!

Service PCISys deleted successfully!

File %systemroot%\system32\XAudio.dll not found.

Service oracleorahomeagent stopped successfully!

Service oracleorahomeagent deleted successfully!

File %systemroot%\system32\mvdcodec.dll not found.

Service ood2000 stopped successfully!

Service ood2000 deleted successfully!

File %systemroot%\system32\cmigameport.dll not found.

Service ofcpfwsvc stopped successfully!

Service ofcpfwsvc deleted successfully!

File %systemroot%\system32\eskerlicensecontrol.dll not found.

Service npkcusb stopped successfully!

Service npkcusb deleted successfully!

File %systemroot%\system32\ctxhttp.dll not found.

Service nimcdldu stopped successfully!

Service nimcdldu deleted successfully!

File %systemroot%\system32\ATSWPDRV.dll not found.

Service netrcacm stopped successfully!

Service netrcacm deleted successfully!

File %systemroot%\system32\flpydisk.dll not found.

Service netdevio stopped successfully!

Service netdevio deleted successfully!

File %systemroot%\system32\nvrd64.dll not found.

Service ndassvc stopped successfully!

Service ndassvc deleted successfully!

File %systemroot%\system32\USRpdA.dll not found.

Service mwlsvc stopped successfully!

Service mwlsvc deleted successfully!

File %systemroot%\system32\issuser.dll not found.

Service MSMQ stopped successfully!

Service MSMQ deleted successfully!

File %systemroot%\system32\syntp.dll not found.

Service motmodem stopped successfully!

Service motmodem deleted successfully!

File %systemroot%\system32\NxNetMon.dll not found.

Service meiudf stopped successfully!

Service meiudf deleted successfully!

File %systemroot%\system32\lvpr2mon.dll not found.

Service mcredirector stopped successfully!

Service mcredirector deleted successfully!

File %systemroot%\system32\backupexecrpcservice.dll not found.

Service mcdetect.exe stopped successfully!

Service mcdetect.exe deleted successfully!

File %systemroot%\system32\ziptoa.dll not found.

Service M3AD stopped successfully!

Service M3AD deleted successfully!

File %systemroot%\system32\tosrfbnp.dll not found.

Service lxbs_device stopped successfully!

Service lxbs_device deleted successfully!

File %systemroot%\system32\vsapint.dll not found.

Service lvprcsrv stopped successfully!

Service lvprcsrv deleted successfully!

File %systemroot%\system32\symantecantibotwatcher.dll not found.

Service LUsbKbd stopped successfully!

Service LUsbKbd deleted successfully!

File %systemroot%\system32\dlcc_device.dll not found.

Service logonsvcid stopped successfully!

Service logonsvcid deleted successfully!

File %systemroot%\system32\trayman.dll not found.

Service lmimirr stopped successfully!

Service lmimirr deleted successfully!

File %systemroot%\system32\enecbpth.dll not found.

Service L6POD stopped successfully!

Service L6POD deleted successfully!

File %systemroot%\system32\cmuda.dll not found.

Service jtagserver stopped successfully!

Service jtagserver deleted successfully!

File %systemroot%\system32\cmpci.dll not found.

Service irmon stopped successfully!

Service irmon deleted successfully!

File %SystemRoot%\System32\irmon.dll not found.

Service ipassconnectengine stopped successfully!

Service ipassconnectengine deleted successfully!

File %systemroot%\system32\UDFReadr.dll not found.

Service iksyssec stopped successfully!

Service iksyssec deleted successfully!

File %systemroot%\system32\d-link_st3402.dll not found.

Service ikfilesec stopped successfully!

Service ikfilesec deleted successfully!

File %systemroot%\system32\TCtrlIO.dll not found.

Service ihcservice stopped successfully!

Service ihcservice deleted successfully!

File %systemroot%\system32\bufserv.dll not found.

Service ibmpmsvc stopped successfully!

Service ibmpmsvc deleted successfully!

File %systemroot%\system32\vrmonsvc.dll not found.

Service ibmfilter stopped successfully!

Service ibmfilter deleted successfully!

File %systemroot%\system32\pgfilter.dll not found.

Service iaimtv2 stopped successfully!

Service iaimtv2 deleted successfully!

File %systemroot%\system32\FETNDIS.dll not found.

Service i81x stopped successfully!

Service i81x deleted successfully!

File %systemroot%\system32\iaimfp3.dll not found.

Service HpqRemHid stopped successfully!

Service HpqRemHid deleted successfully!

File %systemroot%\system32\pdlndoem.dll not found.

Service hpdskflt stopped successfully!

Service hpdskflt deleted successfully!

File %systemroot%\system32\tiwlnsvc.dll not found.

Service houdiniserver stopped successfully!

Service houdiniserver deleted successfully!

File %systemroot%\system32\mqdmmdfl.dll not found.

Service HidServ stopped successfully!

Service HidServ deleted successfully!

File %SystemRoot%\System32\hidserv.dll not found.

Service helpsvc stopped successfully!

Service helpsvc deleted successfully!

File %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll not found.

Service gtndis5 stopped successfully!

Service gtndis5 deleted successfully!

File %systemroot%\system32\pavdrv.dll not found.

Service GT680x stopped successfully!

Service GT680x deleted successfully!

File %systemroot%\system32\n558.dll not found.

Service gotomypc stopped successfully!

Service gotomypc deleted successfully!

File %systemroot%\system32\netmnt.dll not found.

Service fgdxbus stopped successfully!

Service fgdxbus deleted successfully!

File %systemroot%\system32\eliservice.dll not found.

Service fallback stopped successfully!

Service fallback deleted successfully!

File %systemroot%\system32\DCamUSBEMPIA.dll not found.

Service epson_pm_rpcv4_01 stopped successfully!

Service epson_pm_rpcv4_01 deleted successfully!

File %systemroot%\system32\MobilePreInstallerService.dll not found.

Service EPOWER stopped successfully!

Service EPOWER deleted successfully!

File %systemroot%\system32\pmsveh.dll not found.

Service epgspooler stopped successfully!

Service epgspooler deleted successfully!

File %systemroot%\system32\bc_prt_f.dll not found.

Service eamon stopped successfully!

Service eamon deleted successfully!

File %systemroot%\system32\s716nd5.dll not found.

Service dxdebug stopped successfully!

Service dxdebug deleted successfully!

File %systemroot%\system32\webrootenterpriseclientservice.dll not found.

Service dvd-ram_service stopped successfully!

Service dvd-ram_service deleted successfully!

File %systemroot%\system32\AR5523.dll not found.

Service dnserver32 stopped successfully!

Service dnserver32 deleted successfully!

File %systemroot%\system32\nsengine.dll not found.

Service dlacdbhm stopped successfully!

Service dlacdbhm deleted successfully!

File %systemroot%\system32\sisperf.dll not found.

Service djsnetcn stopped successfully!

Service djsnetcn deleted successfully!

File %systemroot%\system32\lxcd_device.dll not found.

Service DC21x4 stopped successfully!

Service DC21x4 deleted successfully!

File %systemroot%\system32\mssql$soshome22.dll not found.

Service curtainssyssvc stopped successfully!

Service curtainssyssvc deleted successfully!

File %systemroot%\system32\usbio.dll not found.

Service CTSBLFX.DLL stopped successfully!

Service CTSBLFX.DLL deleted successfully!

File %systemroot%\system32\se59mdfl.dll not found.

Service CTMMOUNT stopped successfully!

Service CTMMOUNT deleted successfully!

File %systemroot%\system32\ssrtln.dll not found.

Service CTMFLT stopped successfully!

Service CTMFLT deleted successfully!

File %systemroot%\system32\maya70docserver.dll not found.

Service CTEAPSFX.DLL stopped successfully!

Service CTEAPSFX.DLL deleted successfully!

File %systemroot%\system32\DCamUSBEMPIA.dll not found.

Service cpucoolserver stopped successfully!

Service cpucoolserver deleted successfully!

File %systemroot%\system32\TryAndDecideService.dll not found.

Service cpqfws2e stopped successfully!

Service cpqfws2e deleted successfully!

File %systemroot%\system32\erecoveryservice.dll not found.

Service com0com stopped successfully!

Service com0com deleted successfully!

File %systemroot%\system32\DSDrv4.dll not found.

Service CoachVc stopped successfully!

Service CoachVc deleted successfully!

File %systemroot%\system32\pxhelp20.dll not found.

Service client32 stopped successfully!

Service client32 deleted successfully!

File %systemroot%\system32\ca-messagequeuing.dll not found.

Service Cinemsup stopped successfully!

Service Cinemsup deleted successfully!

File %systemroot%\system32\MASPINT.dll not found.

Service cebdaldr stopped successfully!

Service cebdaldr deleted successfully!

File %systemroot%\system32\w800mdfl.dll not found.

Service cdralw2k stopped successfully!

Service cdralw2k deleted successfully!

File %systemroot%\system32\DN2AKNET.dll not found.

Service CdaC15BA stopped successfully!

Service CdaC15BA deleted successfully!

File %systemroot%\system32\mqdmmdm.dll not found.

Service ccproxy stopped successfully!

Service ccproxy deleted successfully!

File %systemroot%\system32\processor.dll not found.

Service CAMCHALA stopped successfully!

Service CAMCHALA deleted successfully!

File %systemroot%\system32\s616mgmt.dll not found.

Service bvrp_pci stopped successfully!

Service bvrp_pci deleted successfully!

File %systemroot%\system32\lmouflt2.dll not found.

Service BUFADPT stopped successfully!

Service BUFADPT deleted successfully!

File %systemroot%\system32\wwnetdde.dll not found.

Service BrSerIf stopped successfully!

Service BrSerIf deleted successfully!

File %systemroot%\system32\ofcpfwsvc.dll not found.

Service bridge stopped successfully!

Service bridge deleted successfully!

File %systemroot%\system32\backupexecdevicemediaservice.dll not found.

Service bglivesvc stopped successfully!

Service bglivesvc deleted successfully!

File %systemroot%\system32\wmp54gv4svc.dll not found.

Service beatjamupnpmusicserver stopped successfully!

Service beatjamupnpmusicserver deleted successfully!

File %systemroot%\system32\SQLAgent$MICROSOFTSMLBIZ.dll not found.

Service bdpredir stopped successfully!

Service bdpredir deleted successfully!

File %systemroot%\system32\liveupdate.dll not found.

Service bcserver stopped successfully!

Service bcserver deleted successfully!

File %systemroot%\system32\Mvc25U870_VID_1262&PID_25FD.dll not found.

Service backupexecagentbrowser stopped successfully!

Service backupexecagentbrowser deleted successfully!

File %systemroot%\system32\pdlnslea.dll not found.

Service awecho stopped successfully!

Service awecho deleted successfully!

File %systemroot%\system32\ultra66.dll not found.

Service AVCSTRM stopped successfully!

Service AVCSTRM deleted successfully!

File %systemroot%\system32\vzupsvc.dll not found.

Service ATWPKT2 stopped successfully!

Service ATWPKT2 deleted successfully!

File %systemroot%\system32\qserver.dll not found.

Service AtiPcie stopped successfully!

Service AtiPcie deleted successfully!

File %systemroot%\system32\acs.dll not found.

Service application stopped successfully!

Service application deleted successfully!

File %systemroot%\system32\s125mdm.dll not found.

Service Alpham2 stopped successfully!

Service Alpham2 deleted successfully!

File %systemroot%\system32\ndis.dll not found.

Service aic116x stopped successfully!

Service aic116x deleted successfully!

File %systemroot%\system32\smservaz.dll not found.

Service adobeactivefilemonitor5.0 stopped successfully!

Service adobeactivefilemonitor5.0 deleted successfully!

File %systemroot%\system32\transcode360.dll not found.

Service adiloader stopped successfully!

Service adiloader deleted successfully!

File %systemroot%\system32\msfs.dll not found.

Service aavmker4 stopped successfully!

Service aavmker4 deleted successfully!

File %systemroot%\system32\winpower.dll not found.

Service aaksrv stopped successfully!

Service aaksrv deleted successfully!

File %systemroot%\system32\autocomplete.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

========== REGISTRY ==========

========== FILES ==========

autorun.inf not found in C:\

autorun.inf not found in E:\

autorun.exe not found in C:\

autorun.exe not found in E:\

recycler not found in C:\

E:\RECYCLER\S-1-5-21-448539723-861567501-839522115-500 folder moved successfully.

E:\RECYCLER\S-1-5-21-448539723-861567501-839522115-1003 folder moved successfully.

E:\RECYCLER folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Raini4ka\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Raini4ka\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 32896343 bytes

->Flash cache emptied: 434 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 466 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Raini4ka

->Temp folder emptied: 80628634 bytes

->Temporary Internet Files folder emptied: 51442906 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 237888649 bytes

->Flash cache emptied: 9475 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2163087 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 328 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 586271 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 387,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

User: Raini4ka

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03202012_165601

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Идеално...!

Как е системата сега? Наблюдавате ли някъкви проблеми..?

Следват контролни сканирания:

Изтеглете Malwarebytes' Anti-Malware или от тук

* Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.

* Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.

* Ако има намерени обновявания, тя ще ги изтегли и инсталира.

* Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.

* Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.

* Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.

* Уверете се, че на всички редове има отметки, и кликнете на Remove Selected.

* Когато всичко бъде премахнато, в Notepad ще бъде отворен лог. Копирайте този лог и го публикувайте в следващия си коментар по темата.

Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

Изтеглете програмата: ESET Online Scanner

Стартирайте esetsmartinstaller_enu.exe
Сложете отметка на YES, I accept the Terms of Use и изберете Start:
Скенерът ще започне да изтегля компонентите, които са му необходими:
Уверете се, че има отметки на следните редове:

Накрая изберете Start
Скенерът ще започне да изтегля последните дефиниции.
След, като сканирането завърши изберете Finish.
Отидете в: C:\Program Files\ESET\ESET Online Scanner
Отворете файла log.txt , копирайте съдържанието му и го поставете в следващия си коментар.

Цитирай

20 март 201214 г.

Автор

MBAM Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.20.06 Windows XP Service Pack 3 x86 NTFS (Safe Mode) Internet Explorer 8.0.6001.18702 Administrator :: RAINI4KA-014ACF [administrator] 3/20/2012 6:05:47 PM mbam-log-2012-03-20 (18-05-47).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221799 Time elapsed: 1 hour(s), 7 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=48cc89ef37b38f469bc9d6a33123c73d # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-03-20 03:56:41 # local_time=2012-03-20 05:56:41 (+0200, FLE Standard Time) # country="Bulgaria" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777175 100 0 8374202 8374202 0 0 # compatibility_mode=8192 67108863 100 0 3785 3785 0 0 # scanned=41073 # found=3 # cleaned=3 # scan_time=2546 C:\Documents and Settings\Raini4ka\My Documents\snimki skype\Picture18.JPG.zip Win32/Gyimface.A worm (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Raini4ka\Local Settings\Application Data\aa8602a1\U\[email protected] a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Обърках се и първо пуснах есет-скенера, дано не е проблем. Системата още след комбо или тдскилъра си пролича, не помня кое точно помогна. Благодаря!

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Радвам се....има още нещо което искам да проверя и ще се ориантираме към приключване..!

Изтеглете Junction.zip и го разархивирайте в папка на десктопа.
Копирайте файла Junction.exe в C:\Windows
Отидете до Start => Run... => въведете командата отдолу с Copy/Paste и натиснете OK

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

Изчакайте проверката да завърши и да се появи лог файла.
Копирайте съдържанието му в следващия си пост.

Цитирай

20 март 201214 г.

Автор

Junction v1.06 - Windows junction creator and reparse point viewer Copyright © 2000-2010 Mark Russinovich Sysinternals - www.sysinternals.com Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process. ... ... ... ... ... ... ... ... ... ... Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied. ... ... ...\\?\c:\\WINDOWS\$NtUninstallKB22488$\1991837164: SYMBOLIC LINK Print Name : c:\windows\system32\config Substitute Name: \systemroot\system32\config ..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 .\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e ... ... ... ... ... ... ... ... ..

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Тук има една папка..която трябва да изтрием..!

Изтеглете и направете една проверка с yorkyt.exe

Стартирайте файла и рестартирайте за да се инсталира драйвъра.

След края на проверката може да се наложи нов рестарт за завършване на почистването.

Публикувайте логфайл с резултата в следващия си пост..!

Цитирай

20 март 201214 г.

Автор

много бил дълъг коментара, не мога и да го прикача. Казва алл доне накрая ама сигурно ще искате да го видите.

Редактирано 20 март 201214 г. от icotonev (преглед на промените)

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Архивирайте го и го качете на някй сървър ..например тук: http://www.zippyshare.com/

Цитирай

20 март 201214 г.

Автор

http://www54.zippyshare.com/v/89670607/file.html

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

За съжаление инструмента не се е справил...Упорита папка....Ще опитаме по друг начин..!

Изтеглете inherit.exe от sUBs и го запазете на десктопа си.

Отворете Start => Run => въведете с copy/paste командата:

"%userprofile%\desktop\inherit.exe" "c:\WINDOWS\$NtUninstallKB22488$\1991837164"

И натиснете ОК.

Повторете командата с тази:

"%userprofile%\desktop\inherit.exe" "c:\WINDOWS\$NtUninstallKB22488$"

След това изпълнете тази команда:

fsutil reparsepoint delete c:\WINDOWS\$NtUninstallKB22488$

Натиснете Enter

Ако всичко мине без грешка и проблеми изпълнете:

Стартирайте файла с двукратен клик на мишката.
Под с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):

:files
rd /s/q c:\WINDOWS\$NtUninstallKB22488$ /c
:commands
[reboot]

След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

Цитирай

20 март 201214 г.

Автор

мисля е това:

========== FILES ==========

< rd /s/q c:WINDOWS$NtUninstallKB22488$ /c >

C:Documents and SettingsRaini4kaDesktopcmd.bat deleted successfully.

C:Documents and SettingsRaini4kaDesktopcmd.txt deleted successfully.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.1 log created on 03202012_215807

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Не, повторете отново всичко от предния ми пост....На финала сме..!

Цитирай

20 март 201214 г.

Автор

на 3тия старт->рън, нищо не излиза като съобщение, не знам дали е от това. бебчо трябва да спи, ще продължа утре... Благодаря!

Цитирай

icotonev

HJT Team

Пол:Мъж
Град:гр.Ямбол
Интереси:Malware Removal, Security Analyst, Malware Hunters,Trusted Helper

20 март 201214 г.

Ок ....утре ще довършим.....имаме работа за половин час...!Лека вечер..!

Цитирай

26 март 201214 г.

Автор

Моля да ме извините за забавянето... Пак направих процедурата (пост 20), и единствения лог след рестарта е в папката на ОТЛ, а предполагам трябва на десктопа да е?

Цитирай

Добре дошли!

ZeroAccess [ПРИКЛЮЧЕН]

Featured Replies

Архивирана тема

Разглеждащи това в момента 0

Дарение

Бюлетин

Профил

Навигация

Търсене

Конфигуриране на push известия в браузъра

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)