
I have viruses and I can't deal with it on my own, please help



Where should I look for these log files? I have two files, hiberfil.sys and pagefile.sys. I suppose that isn't it? And these wininit... what do I do with them once I open them? Sorry for the maybe silly questions, but in general I don't understand much.


The log files are exactly where I pointed in the screenshot.

Open the events from Wininit and copy the contents of the windows into your next post.

http://img5.imageshack.us/img5/4893/image000f.png

Btw, is there any change after the check of the partitions?


Checking file system on C:

The type of the file system is NTFS.

 

A disk check has been scheduled.

Windows will now check the disk.

 

CHKDSK is verifying files (stage 1 of 5)...

172288 file records processed. File verification completed.

354 large file records processed. 0 bad file records processed. 2 EA records processed. 28 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...

224162 index entries processed. Index verification completed.

0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...

172288 file SDs/SIDs processed. Cleaning up 5 unused index entries from index $SII of file 0x9.

Cleaning up 5 unused index entries from index $SDH of file 0x9.

Cleaning up 5 unused security descriptors.

Security descriptor verification completed.

25938 data files processed. CHKDSK is verifying Usn Journal...

35966072 USN bytes processed. Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

172272 files processed. File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

830949 free clusters processed. Free space verification is complete.

Windows has checked the file system and found no problems.

 

51097599 KB total disk space.

47431904 KB in 100409 files.

65732 KB in 25939 indexes.

0 KB in bad sectors.

276167 KB in use by the system.

65536 KB occupied by the log file.

3323796 KB available on disk.

 

4096 bytes in each allocation unit.

12774399 total allocation units on disk.

830949 allocation units available on disk.

 

Internal Info:

00 a1 02 00 96 ed 01 00 a4 a0 03 00 00 00 00 00 ................

ed 0b 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 ................

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

Is this what I was supposed to do? For D:, where should I look? There is no change after the check.


The log file for partition D:\ is in the same place as the one for C:\, again under the name Wininit.

We can check with even more powerful tools, but first try cleaning the temporary files with CCleaner... Make the following settings and click "Run Cleaner".

http://img36.imageshack.us/img36/7985/57277338.png

http://img265.imageshack.us/img265/8720/59787524.png


You can turn off the Hibernate option if you don't use it.

Start => type CMD.exe => right-click => Run as administrator => enter the command powercfg -h off and press Enter.

For more, you will have to manually check the contents of the folders C:\Users and C:\Program Files (x86), because most of the space is used up there (but be careful what you delete there). If you aren't sure, ask.

For partition D:\ it is visible where the used GB are...

In the following 4 folders - Ina's Video, ik, omv and install1 + 6 GB from the System Restore option (Used Shadow Copy Storage space: 6.746 GB (4%)).

My advice is to leave System Restore on only for partition C:\ There is no need for it to be enabled for partition D:\ as well.

Right-click on My Computer => Properties => on the left find System Protection => click partition D:\ => Configure => Turn off System Protection.

 

Still, looking at the FolderSize screenshots again, I'm left a bit puzzled...

1. Download ComboFix from BleepingComputer

and save ComboFix (Save button -> Save as) on your desktop:

http://i46.tinypic.com/2exprgh.jpg

After the ComboFix download finishes, the program's icon should look like this:

http://i46.tinypic.com/29eqjuq.jpg

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of the antivirus program and of any other security programs, if there are any. For this you can review the information at this link: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

 

3. Double-click Combofix.exe to start it. Choose YES to agree to the program's terms of use. Important: while ComboFix is running, do not move the mouse or press keys on the keyboard. Just patiently let ComboFix finish its work without using the computer for other purposes.

 

 

4. ComboFix will temporarily stop the Internet connection, but once the program finishes its work the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix finishes, please read this: Manually restoring the Internet connection section.

 

Note: if there are problems with ComboFix, copy (Copy) and paste (Paste) the contents of C:\BUG.txt in your next comment.

 

5. When ComboFix finishes, a text document (log) will appear in Notepad:

http://i49.tinypic.com/157m978.jpg

 

Copy (Copy) and paste (Paste) the contents of the log in your next comment.

 

Good luck!


ComboFix 11-10-06.03 - Danielle Gore 10.2011 г. 19:16:17.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1026.18.3639.2259 [GMT 3:00]

Running from: c:\users\Danielle Gore\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Лична защитна стена на ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Recent\energy.sys

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Recent\std.drv

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))

.

.

2011-10-06 16:24 . 2011-10-06 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-05 19:07 . 2011-10-05 19:07 -------- d-----w- c:\program files\CCleaner

2011-10-05 09:05 . 2011-10-05 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23C97387-1EA9-478D-8A7D-2B61AAE71385}\offreg.dll

2011-10-04 12:17 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23C97387-1EA9-478D-8A7D-2B61AAE71385}\mpengine.dll

2011-10-04 11:02 . 2011-10-04 11:02 -------- d-----w- c:\users\Danielle Gore\AppData\Local\MindGems

2011-10-04 11:02 . 2011-10-04 11:02 -------- d-----w- c:\program files (x86)\Folder Size

2011-10-03 16:38 . 2011-10-03 16:38 -------- d-----w- C:\_OTL

2011-10-03 16:35 . 2011-10-03 16:35 -------- d-----w- c:\program files (x86)\ERUNT

2011-09-25 18:32 . 2011-09-25 18:32 -------- d-----w- c:\users\Ina\AppData\Local\ESET

2011-09-25 11:21 . 2011-09-25 11:21 -------- d-----w- c:\users\Danielle Gore\AppData\Roaming\Malwarebytes

2011-09-25 11:21 . 2011-09-25 11:21 -------- d-----w- c:\programdata\Malwarebytes

2011-09-25 11:21 . 2011-08-31 14:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 11:21 . 2011-09-25 11:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-25 10:43 . 2011-09-25 10:43 -------- d-----w- c:\users\Danielle Gore\AppData\Local\ESET

2011-09-25 10:40 . 2011-09-25 10:40 -------- d-----w- c:\program files\ESET

2011-09-24 11:25 . 2011-09-24 11:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-16 06:28 . 2011-09-16 06:28 -------- d-----w- c:\users\Danielle Gore\AppData\Local\Google

2011-09-12 20:56 . 2011-09-12 20:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-09-07 12:36 . 2011-09-07 12:36 -------- d-----w- c:\program files (x86)\ESET

2011-09-07 08:59 . 2011-09-07 09:00 -------- d-----w- c:\program files (x86)\Google

2011-09-06 18:57 . 2011-09-06 18:57 -------- d-----w- c:\users\Ina\AppData\Roaming\TigerPlayer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-17 06:59 . 2011-06-30 15:59 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 20:45 . 2011-05-24 17:08 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-08-09 10:57 . 2011-08-09 10:57 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys

2011-08-04 06:20 . 2011-08-04 06:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-08-04 06:20 . 2011-08-04 06:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-08-04 06:20 . 2011-08-04 06:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-08-04 06:20 . 2011-08-04 06:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-07-22 05:45 . 2011-08-10 15:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 04:51 . 2011-08-10 15:53 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:26 . 2011-08-10 15:53 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:26 . 2011-08-10 15:53 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:26 . 2011-08-10 15:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:23 . 2011-08-10 15:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:21 . 2011-08-10 15:53 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:06 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:27 . 2011-08-10 15:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:23 . 2011-08-10 15:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:23 . 2011-08-10 15:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:21 . 2011-08-10 15:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:21 . 2011-08-10 15:53 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:12 . 2011-08-10 15:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:12 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:19 . 2011-08-10 15:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:19 . 2011-08-10 15:53 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:15 . 2011-08-10 15:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:15 . 2011-08-10 15:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:15 . 2011-08-10 15:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:15 . 2011-08-10 15:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:14 . 2011-08-24 07:57 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:30 . 2011-08-24 07:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:44 . 2011-08-10 15:54 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-04-22 12401968]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-26 17361032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-05-25 37888]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Ina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\users\Danielle Gore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 136176]

R3 cpudrv64;cpudrv64;c:\program files (x86)\ASRock Utility\Intel Graphics Driver Sync Service\cpudrv64.sys [2009-12-15 17864]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 136176]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-08 974944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 08:59]

.

2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 08:59]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.atcomet.com/b/

mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &С&валяне &с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

TCP: Interfaces\{F98112CA-67C0-4633-8084-C37586AD7CD6}: NameServer = 95.87.194.4,95.87.255.190

FF - ProfilePath - c:\users\Danielle Gore\AppData\Roaming\Mozilla\Firefox\Profiles\edmzzuov.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\B20@O=5 *=0 *C*C*l*e*a*n*e*r*& \command]

@="c:\\Program Files\\CCleaner\\ccleaner.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]

@Denied: (A 2) (Everyone)

@="FlashProp Class"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-06 19:36:46

ComboFix-quarantined-files.txt 2011-10-06 16:36

.

Pre-Run: 6 158 381 056 bytes free

Post-Run: 6 047 223 808 bytes free

.

- - End Of File - - 98439902ABB14C76CA530054D1B83CE3


The log file looks clean. I don't think the problem is due to malicious software.

Run a check with Xinorbis and take a screenshot of the results.


I don't see any infections, but something is fishy...

On partition C:\ the used space is supposedly 36 GB, the free space is 5 GB, and the partition is 48 GB in size - i.e. nearly 7 GB are going missing

On partition D:\ the used space is supposedly 55 GB, the free space is 5 GB, and the partition is 137 GB in size - i.e. nearly 70 GB are going missing

I'm not sure whether these programs also check hidden files and folders, but they should.

I was hoping Combofix would find File Replicators, but there are none. I'm simply out of ideas.

Take a screenshot of Right-click on My Computer => Manage => Disk Management.

I'll also ask colleagues for advice.

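As an added example (not from the thread), the Python script below re-reads the CHKDSK summary for C: posted earlier and checks whether the file system's own accounting closes, then measures how much of the file data CHKDSK counts was not shown by the folder tool's "36 GB used" figure; that 36 is assumed to be GiB, as Windows labels binary gigabytes "GB".

```python
import re

# Constructed copy of the summary lines from the CHKDSK output for C:
# posted in this thread (figures unchanged).
CHKDSK_SUMMARY = """\
51097599 KB total disk space.
47431904 KB in 100409 files.
65732 KB in 25939 indexes.
0 KB in bad sectors.
276167 KB in use by the system.
65536 KB occupied by the log file.
3323796 KB available on disk.

4096 bytes in each allocation unit.
12774399 total allocation units on disk.
830949 allocation units available on disk.
"""

# CHKDSK category text -> short key. "in 100409 files" / "in 25939 indexes"
# carry an object count that the regex below strips before the lookup.
_KB_FIELDS = {
    "total disk space": "total",
    "files": "files",
    "indexes": "indexes",
    "in bad sectors": "bad",
    "in use by the system": "system",
    "occupied by the log file": "log",
    "available on disk": "available",
}
_KB_LINE = re.compile(r"^(\d+) KB (?:in \d+ )?(.+?)\.$")
_UNIT_LINES = {
    "cluster_bytes": re.compile(r"^(\d+) bytes in each allocation unit\.$"),
    "clusters_total": re.compile(r"^(\d+) total allocation units on disk\.$"),
    "clusters_free": re.compile(r"^(\d+) allocation units available on disk\.$"),
}


def parse_chkdsk_summary(text):
    """Extract the KB figures and the cluster figures from a CHKDSK summary."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _KB_LINE.match(line)
        if m and m.group(2) in _KB_FIELDS:
            out[_KB_FIELDS[m.group(2)]] = int(m.group(1))
            continue
        for key, rx in _UNIT_LINES.items():
            m = rx.match(line)
            if m:
                out[key] = int(m.group(1))
    return out


def reconcile(f):
    """Check that CHKDSK's own accounting closes.

    files + indexes + bad sectors + system + available must equal the total;
    the log file is a subset of "in use by the system", not a sixth
    category; and the free-cluster count must reproduce the "available"
    figure exactly, since NTFS frees space in whole clusters.
    """
    accounted = f["files"] + f["indexes"] + f["bad"] + f["system"] + f["available"]
    return {
        "unaccounted_kb": f["total"] - accounted,
        "log_within_system": f["log"] <= f["system"],
        "free_matches_clusters": f["clusters_free"] * f["cluster_bytes"] // 1024 == f["available"],
    }


def gap_vs_folder_tool(f, visible_used_gib):
    """GiB of file data CHKDSK counts that a folder-size tool did not show.

    visible_used_gib is the "used" figure such a tool reported (36 for C:
    in this thread). A positive gap is data sitting in files the tool
    skipped, typically protected OS files (pagefile.sys, hiberfil.sys) and
    shadow copies, rather than space the file system has lost.
    """
    return round(f["files"] / 2**20 - visible_used_gib, 1)


if __name__ == "__main__":
    fields = parse_chkdsk_summary(CHKDSK_SUMMARY)
    print(reconcile(fields))
    print("GiB not shown by folder tool:", gap_vs_folder_tool(fields, 36))
```

If `unaccounted_kb` is 0 and the cluster check passes, the volume itself is not "losing" space; the difference between the folder tool and CHKDSK is data the tool was not allowed to see.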

I'm simply stumped.

There are no bad sectors, no unallocated space.

Try making the hidden files visible...

Right-click on the taskbar => properties => start menu => customize => find and tick Run command.

Then from Start => run => enter the following command: rundll32.exe shell32.dll,Options_RunDLL 0

In Folder Options => go to View => tick Show hidden files, folders, and drives and untick Hide protected operating system files (Recommended).

Now start looking for what is where and what is taking up the space. Better start with partition D:\ => it's safer there if you delete something by accident.

Another thing that comes to mind is to check the hard disk with the tool from the disk's manufacturer, another scanner for nasties, etc.

I've asked colleagues for their opinion too.


I made the settings, but I have no idea which folder in D: is which and what it's for. Is it an option for you to connect to my computer with a program to see how things stand? I can't manage on my own... ? If I'm troubling you, we'll look for other options of course, I just thought it would be easier for you this way.

I officially LOVE you!!!!

But the numbers still don't seem to add up exactly... weren't 70 GB going missing from D:/ and 7 GB from C:/ ... Here are screenshots before and after.

post-23869-0-34707700-1317931729_thumb.png

post-23869-0-51340700-1317931889_thumb.png

