ПРИКЛЮЧЕН Упорита зараза на системата

Matt_Ragan · Септември 14, 2013

Изчистих това което е останало от Roxio/още преди месеци го бях махнал/.Също и Diskeeper отдавна нямам на системата.Бях я деинсталирал и заменил с О&О Defrag Professional.Още преди чрез търсещата машина на Windows бях проверил за остатъци от Diskeeper,но няма нищо.Проверих и сега за всеки случай и положението е същото.Ако има някакъв друг начин за откриване освен с търсещата машина,аз не го знам.Скрипта сработи само от Safe Mode.Ако има някакво подобрение сред рестарта,поне аз не го забелязвам.Единствено може би с незначително подобряване на времето на зареждане на Windows-a.Случи се нещо странно когато се опитах да прикрепя лога.Изписа ми съобщение че не ми е позволено да качвам такъв тип файлове.Затова го копирам.

опс...грешка...това не е логът...ето този който ви трябва...

All processes killed

========== OTL ==========

Error: No service named SessionLauncher was found to stop!

Service\Driver key SessionLauncher not found.

File C:\DOCUME~1\ZDRAVE~1.CHA\LOCALS~1\Temp\DX9\SessionLauncher.exe not found.

Error: No service named Roxio Upnp Server 10 was found to stop!

Service\Driver key Roxio Upnp Server 10 not found.

File C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe not found.

Error: No service named Roxio UPnP Renderer 10 was found to stop!

Service\Driver key Roxio UPnP Renderer 10 not found.

File C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe not found.

Error: No service named Ati HotKey Poller was found to stop!

Service\Driver key Ati HotKey Poller not found.

File C:\WINDOWS.0\system32\Ati2evxx.exe not found.

Error: No service named AdvancedSystemCareService5 was found to stop!

Service\Driver key AdvancedSystemCareService5 not found.

File C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe not found.

Error: No service named VClone was found to stop!

Service\Driver key VClone not found.

File system32\DRIVERS\VClone.sys not found.

Error: No service named TrufosAlt was found to stop!

Service\Driver key TrufosAlt not found.

File system32\DRIVERS\TrufosAlt.sys not found.

Error: No service named TrueSight was found to stop!

Service\Driver key TrueSight not found.

File C:\WINDOWS.0\system32\TrueSight.sys not found.

Error: No service named hitmanpro37duringboot was found to stop!

Service\Driver key hitmanpro37duringboot not found.

File system32\drivers\hitmanpro37.sys not found.

Error: No service named esgiguard was found to stop!

Service\Driver key esgiguard not found.

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

Error: No service named dgderdrv was found to stop!

Service\Driver key dgderdrv not found.

File System32\drivers\dgderdrv.sys not found.

Error: No service named CrystalSysInfo was found to stop!

Service\Driver key CrystalSysInfo not found.

File C:\Program Files\MediaCoder\SysInfo.sys not found.

Error: No service named cpuz136 was found to stop!

Service\Driver key cpuz136 not found.

File C:\WINDOWS.0\TEMP\cpuz136\cpuz136_x32.sys not found.

Error: No service named catchme was found to stop!

Service\Driver key catchme not found.

File C:\DOCUME~1\ZDRAVE~1.CHA\LOCALS~1\Temp\catchme.sys not found.

Error: No service named avgtp was found to stop!

Service\Driver key avgtp not found.

File C:\WINDOWS.0\system32\drivers\avgtpx86.sys not found.

Error: No service named DKRtWrt was found to stop!

Service\Driver key DKRtWrt not found.

File C:\WINDOWS.0\system32\drivers\DKRtWrt.sys not found.

Error: No service named RxFilter was found to stop!

Service\Driver key RxFilter not found.

File C:\WINDOWS.0\system32\drivers\RxFilter.sys not found.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to change the HomePage.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VolumeTray not found.

File not found.

Registry value HKEY_USERS\S-1-5-21-299502267-854245398-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.

File not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.

File not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.

File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll File not found not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:io Shared\DLLShared\ecurity Pac deleted successfully.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\JRT.exe not found.

Folder C:\AdwCleaner\ not found.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\dds.com not found.

Folder C:\WINDOWS.0\ERUNT\ not found.

Folder C:\SP3\ not found.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe not found.

File C:\WINDOWS.0\NIRCMD.exe not found.

File C:\WINDOWS.0\SWREG.exe not found.

File C:\WINDOWS.0\SWSC.exe not found.

File C:\WINDOWS.0\SWXCACLS.exe not found.

Folder C:\Qoobox\ not found.

C:\WINDOWS.0\erdnt\cache folder moved successfully.

C:\WINDOWS.0\erdnt folder moved successfully.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\ComboFix.exe not found.

C:\WINDOWS.0\PSEXESVC.EXE moved successfully.

C:\PsExec.exe moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Desktop\PSTools folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Desktop\swreg.exe moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo\Installer folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\yandex_bsm folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\cis folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader folder moved successfully.

C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro\Quarantine folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro\Logs folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0006\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0006 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0005\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0005 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0004\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0004 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0003\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0003 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0002\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0002 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0001\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0001 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0000\svc0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02\susp0000 folder moved successfully.

C:\TDSSKiller_Quarantine\01.08.2013_08.27.02 folder moved successfully.

C:\TDSSKiller_Quarantine folder moved successfully.

C:\Program Files\Mozilla Maintenance Service folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MCShield\Quarantine folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MCShield folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Desktop\322756.exe moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Process Hacker 2 folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue.lnk moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Desktop\AdwCleaner.exe moved successfully.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\dds.com not found.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\ComboFix.exe not found.

C:\Documents and Settings\zdrave.CHANGEME1\Desktop\expand.bat moved successfully.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe not found.

C:\MBR_HardDisk0.dat moved successfully.

File C:\WINDOWS.0\PSEXESVC.EXE not found.

File C:\Documents and Settings\zdrave.CHANGEME1\Desktop\swreg.exe not found.

C:\Documents and Settings\zdrave.CHANGEME1\My Documents\90DF1000 moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\My Documents\08752300 moved successfully.

C:\WINDOWS.0\DCEBOOT.RST moved successfully.

C:\WINDOWS.0\RegBootClean.exe moved successfully.

C:\WINDOWS.0\DCEBoot.exe moved successfully.

File C:\WINDOWS.0\MBR.exe not found.

File C:\WINDOWS.0\PEV.exe not found.

File C:\WINDOWS.0\sed.exe not found.

File C:\WINDOWS.0\grep.exe not found.

File C:\WINDOWS.0\zip.exe not found.

C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages folder moved successfully.

Folder move failed. C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar scheduled to be moved on reboot.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Anvisoft\Anvi Smart Defender folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Anvisoft folder moved successfully.

Folder C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro\ not found.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\IObit\Advanced SystemCare V6 folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\IObit folder moved successfully.

Folder C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MCShield\ not found.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\pack\bins folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\pack folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\mkt\us folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\mkt\res folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\mkt\hi folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\mkt folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData\logs folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SecTaskMan folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46} folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} folder moved successfully.

C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software\TU2012 folder moved successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software folder moved successfully.

C:\Documents and Settings\zdrave\Application Data\AVGTOOLBAR\NewCfg folder moved successfully.

C:\Documents and Settings\zdrave\Application Data\AVGTOOLBAR folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Anvisoft folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\AVG Secure Search folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\ExpressFiles folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\SmartRAM folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\IObit Uninstaller folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\InternetBooster folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V6\Log folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V6\Boottime folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V6\Backup folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V6 folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V5\Log folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V5\Boottime folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V5\Backup folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit\Advanced SystemCare folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\IObit folder moved successfully.

Folder C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Process Hacker 2\ not found.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Uniblue\Registry Booster2 folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\Uniblue folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\UpdateTemp1175821254 folder moved successfully.

C:\AdwCleaner[R1].txt moved successfully.

C:\AdwCleaner[R2].txt moved successfully.

C:\AdwCleaner[R3].txt moved successfully.

C:\AdwCleaner[R4].txt moved successfully.

C:\AdwCleaner[R5].txt moved successfully.

C:\AdwCleaner[R6].txt moved successfully.

C:\AdwCleaner[R7].txt moved successfully.

C:\AdwCleaner[R8].txt moved successfully.

C:\AdwCleaner[R9].txt moved successfully.

C:\AdwCleaner[s1].txt moved successfully.

C:\AdwCleaner[s3].txt moved successfully.

C:\AdwCleaner[s4].txt moved successfully.

C:\AdwCleaner[s5].txt moved successfully.

C:\AdwCleaner[s6].txt moved successfully.

C:\ComboFix.txt moved successfully.

C:\GMER-01.08.2013.log moved successfully.

C:\GMER-09.08.2013.log moved successfully.

C:\GMER-16.07.2013.log moved successfully.

C:\GMER-17.07.2013.log moved successfully.

C:\GMER-20.07.2013.log moved successfully.

C:\GMER-23.07.2013.log moved successfully.

C:\GMER-31.07.2013.log moved successfully.

C:\GMER-бърз скан-25.07.2013.log moved successfully.

C:\TDSSKiller.2.8.15.0_04.07.2013_10.45.20_log.txt moved successfully.

C:\TDSSKiller.2.8.15.0_06.01.2013_07.31.58_log.txt moved successfully.

C:\TDSSKiller.2.8.15.0_07.12.2012_11.28.54_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_01.08.2013_08.19.34_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_01.08.2013_08.27.02_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_01.08.2013_08.37.13_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_03.08.2013_17.26.13_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_03.08.2013_18.40.28_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_03.08.2013_18.47.26_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_08.08.2013_22.47.52_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_28.07.2013_06.04.44_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_28.07.2013_06.30.47_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_28.07.2013_06.37.22_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_30.07.2013_05.29.20_log.txt moved successfully.

C:\TDSSKiller.2.8.18.0_30.07.2013_05.36.27_log.txt moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\inst.exe moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\AVG8\cfgall folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\Application Data\AVG8 folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\update\prepare folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\update\backup folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\update folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\Temp folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\scanlogs folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\Log folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc\Queue\TEMP folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc\Queue\OUT folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc\Queue\ACTIVE folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc\Queue folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc\Log folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\emc folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\Dumps folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\CfgAll folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\Cfg folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\AvgApi folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\AvgAm folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8\admincli folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg8 folder moved successfully.

Folder C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo\ not found.

Folder C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\ not found.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\SecurityScanner\McUicnt folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\SecurityScanner folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\PartnerCustom\McUicnt folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\PartnerCustom folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\Common\McUicnt folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS\Common folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee\MCLOGS folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Symantec\LiveUpdate folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Symantec folder moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\My Documents\6E73E300 moved successfully.

C:\Documents and Settings\zdrave.CHANGEME1\My Documents\ApnStub.exe moved successfully.

C:\Program Files\Anvisoft\Anvi Smart Defender folder moved successfully.

C:\Program Files\Anvisoft folder moved successfully.

C:\Program Files\AVG folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.

C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.

C:\Program Files\Enigma Software Group folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 5 folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\White folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\Black folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 3\Update folder moved successfully.

C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.

C:\Program Files\IObit folder moved successfully.

Folder C:\Program Files\Mozilla Maintenance Service\ not found.

C:\Program Files\RECYCLER\S-1-5-21-1801674531-682003330-725345543-1003 folder moved successfully.

C:\Program Files\RECYCLER folder moved successfully.

C:\Program Files\Spybot - Search & Destroy folder moved successfully.

C:\Program Files\Uniblue folder moved successfully.

C:\Program Files\Webroot\WebrootSecurity\wrstemp folder moved successfully.

C:\Program Files\Webroot\WebrootSecurity folder moved successfully.

C:\Program Files\Webroot folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS.0

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS.0

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: zdrave

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: zdrave.CHANGEME1

->Temp folder emptied: 3676067 bytes

->Temporary Internet Files folder emptied: 83722 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 145082639 bytes

->Flash cache emptied: 0 bytes

User: ZDRAVE~1~CHA

User: На Бузлуджа-22октомври2011г

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 142,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09142013_162601

Files\Folders moved on Reboot...

Folder move failed. C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

B-boy/StyLe/ · Септември 14, 2013

Определено има още боклуци за изчистване. Колкото до забавянето за пореден път обяснявам, че не е заради зловреден софтуер. Просто сте качвали/махали доста програми и с времето, особено ако скоро не е преинсталиран и поддържан, както трябва системате се затлачва и ако положението е непоносимо лично аз препоръчвам или да се направи профилактика или да се преинсталира начисто.

Изпълнихте ли стъпките от двата линка за Google Chrome? Ако ли не, то ги изпълнете.

След това направете нова проверка с OTL и прикачете лог файла да видим има ли още нещо, което можем да изтрием.

Matt_Ragan · Септември 14, 2013

Да,стъпките от линковете са изпълнени.Още преди ми стана ясно че проблемите ми идват главно от затлачена система,но описах какво е положението тъй като вие поискахте в края на по-предишният си коментар да бъдете информирани за него.Мога да правя сканирвания докато се изчисти и последният грам боклук/стига на вас да не ви писне/.Това е поредният лог:OTL.Txt

B-boy/StyLe/ · Септември 21, 2013

Почти сме изчистили боклуците и остатъците:

Копирайте това в OTL и въведете Run Fix:

:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
CHR - homepage: http://search.babylon.com/?affID=119776&babsrc=HP_ss_bad2g&mntrId=48080015AFAE718F
O4 - HKU\S-1-5-21-299502267-854245398-1644491937-1003..\Run: []
O30 - LSA: Security Packages - (io Shared\DLLShared\ecurity Pac) - File not found
MsConfig - StartUpReg: DivXUpdate
[2013.07.13 10:05:44 | 000,001,220 | ---- | C] () -- C:\WINDOWS.0\System32\.crusader
[2013.09.14 16:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
:commands
[emptytemp]

След това публикувайте лог файла и вижте има ли промяна...ако няма е по-добре да преинсталирате начисто.

Matt_Ragan · Септември 21, 2013

Във връзка с коментар #34,предполагам че OTL изчисти ненужните драйвери,но как стои въпросът с пачнатият файл...All processes killed

Error: Unable to interpret < > in the current context!

========== OTL ==========

Service RoxWatch10 stopped successfully!

Service RoxWatch10 deleted successfully!

File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe not found.

Service RoxMediaDB10 stopped successfully!

Service RoxMediaDB10 deleted successfully!

File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe not found.

Service RoxLiveShare10 stopped successfully!

Service RoxLiveShare10 deleted successfully!

File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe not found.

Service MozillaMaintenance stopped successfully!

Service MozillaMaintenance deleted successfully!

File C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe not found.

Service MBAMSwissArmy stopped successfully!

Service MBAMSwissArmy deleted successfully!

File C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys not found.

Use Chrome's Settings page to change the HomePage.

Registry value HKEY_USERS\S-1-5-21-299502267-854245398-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

File not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:io Shared\DLLShared\ecurity Pac deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ deleted successfully.

C:\WINDOWS.0\system32\.crusader moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS.0

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS.0

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: zdrave

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: zdrave.CHANGEME1

->Temp folder emptied: 952 bytes

->Temporary Internet Files folder emptied: 53826 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 34501323 bytes

->Flash cache emptied: 0 bytes

User: ZDRAVE~1~CHA

User: На Бузлуджа-22октомври2011г

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18070791 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2447 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09212013_182352

Files\Folders moved on Reboot...

C:\WINDOWS.0\temp\_avast_\Webshlock.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

B-boy/StyLe/ · Септември 21, 2013

Аз повече не съм се занимавал с него, защото не можахте да се справите с инструкциите. Можем да измислим нещо, но той едва ли е причина за забавянето.

Matt_Ragan · Септември 21, 2013

Напоследък това забавяне не се чувства толкова осезаемо...повече ме притеснява треперенето на звука.От какво може да е това.Ако оправим файла, дали няма да изчезне...

B-boy/StyLe/ · Септември 21, 2013

Е нали съм ви писал Л.С.!!!

Matt_Ragan · Септември 22, 2013

Получих някакви предупреждения за вирус от файла,включително и от avast,но предполагам че не трябва да им обръщам внимание...ето лога:Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

B-boy/StyLe/ · Септември 22, 2013

Така вече и файла е заместен с чисто копие.

Да, avenger е чист, но вече можете да го изтриете (както и папката му) в C:\Avenger.

Колкото за трептенето на звука - вижте дали разполагате с актуалните версии на инсталираните драйвъри.

Къде се появява това трепнете - докато гледате клипове в Youtube или филми на компютъра? Ако да, имате ли инсталирани последните версии на Adobe Flash Player за браузъра? В какъв формат са филмите - HD? Възможно е да идват тежки за системата. Проверете дали проблема не е в кабелите към системат или в самата аудио система. Ако трептенето е при разговор в интернет през Скайп - вижте дали отговаряте на изискванията за скорост на интернета за провеждане на разговори. В Safe Mode има ли го трептенето? Може да проверите и с някоя Live Linux дистрибуця за да видите дали там ще го има - ако го няма - значе е от омазан Windows, ако го има може да е от звуковата карта. Варианти много.

Matt_Ragan · Септември 23, 2013

Стана интересно.Досега не бях забелязал.Под Safe Modе защо не излиза никакъв звук от компютъра.И още нещо да попитам.След като съм изключил възстановяване на системата,възможно ли е да се върна към точка преди Windows-a да ми се омаца.

B-boy/StyLe/ · Септември 23, 2013

Моя грешка - забравих че в Safe Mode звуковите устройства не работят. Исках да кажа пробвахте в режим на чисто стартиране дали проблема остава.

Start => Run => msconfig => General => Diagnostic startup => Apply => Restart

И не...ако е спряна опцията за създаване на Restore Points разбира се, че няма да можете да използвате тази функция - то е логично!

Досега да бяхте преинсталирали вече...

Matt_Ragan · Септември 24, 2013

Ok B-boy/StyLe/,изглежда ще трябва да преинсталирвам,колкото и да не ми се ще.Благодаря за всичко.Пожелавам всичко най-хубаво на вас и на вашите колеги от форумите на Softvisiа!

B-boy/StyLe/ · Септември 24, 2013

Благодаря за пожеланията от името на екипа.Да ви се връщат! След преинсталацията е добре да направите един IMAGE на системата например с Macrium - виж тук как.

Така при проблеми само връщаш Image-е и готово.

ПРИКЛЮЧЕН Упорита зараза на системата

Препоръчан пост

Link to comment

Сподели другаде

ТОП потребители в тази тема

Популярни дни

ТОП потребители в тази тема

Популярни дни

Публикувани изображения

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Join the conversation