
Zbot.gen problem



Hello

I have quite a serious problem: a virus has blocked me from turning on the active shields of Windows Defender and other Windows protections. After an initial scan, Security Essentials flagged PWS:Win32/zbot.gen!AF and win32/opachki.H

For Windows security, zbot appears as 2-02-29 12:44:57 | 000,000,000 | ---D | M] -- C:\Users\Trahus\AppData\Roaming\Qosi

I am attaching the OTL scans

Please help urgently; I cannot afford to have the computer out of action and to lose data

Regards, Artur

OTL.Txt

Extras.Txt


The quoted MSSE detection is actually the least of the problems. The signs in OTL point to the presence of the Necurs rootkit, which knocks out security software. This is shown by this numerically named specimen, and by the missing information for most of the normal drivers (the rootkit enforces an access block):

SRV - [2012-03-02 09:03:22 | 000,043,352 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys -- (c9f966b2245a3d13)

[2012-03-02 09:03:22 | 000,043,352 | ---- | M] () -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys

Spoiler

DRV - [2011-06-16 08:50:07 | 000,218,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-05-25 08:43:04 | 000,224,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS) Common Log (CLFS)
DRV - [2011-05-25 08:42:57 | 000,495,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2011-05-25 08:42:56 | 000,034,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass)
DRV - [2011-05-25 08:42:56 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2011-05-25 08:42:56 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2011-05-25 08:42:55 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2011-05-25 08:42:55 | 000,035,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass)
DRV - [2011-05-25 08:37:32 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel)
DRV - [2011-05-25 08:37:31 | 000,815,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (Tcpip6)
DRV - [2011-05-25 08:37:31 | 000,815,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2011-05-25 08:37:31 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunmp.sys -- (tunmp)
DRV - [2011-05-25 08:36:57 | 000,082,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2011-05-20 15:22:53 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2011-05-20 15:22:52 | 000,061,952 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2011-05-20 15:22:52 | 000,061,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2011-05-20 15:22:52 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2011-05-20 15:22:50 | 000,619,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2011-05-20 15:22:50 | 000,070,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (PSched)
DRV - [2011-05-20 15:21:50 | 000,306,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv)
DRV - [2011-05-20 15:21:50 | 000,084,992 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet)
DRV - [2011-05-20 15:18:43 | 000,020,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2011-05-20 15:18:42 | 000,014,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2011-05-20 15:18:42 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\wmiacpi.sys -- (WmiAcpi)
DRV - [2011-05-20 15:17:44 | 000,110,080 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2011-05-20 15:13:26 | 000,211,968 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011-05-20 15:13:26 | 000,102,400 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV - [2011-05-20 15:13:26 | 000,058,368 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011-05-20 15:04:49 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2011-05-20 15:02:59 | 001,060,920 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2011-05-20 15:02:58 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor)
DRV - [2011-05-20 14:45:54 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2011-05-20 14:33:34 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2011-05-20 14:33:33 | 000,017,464 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2011-05-20 14:33:32 | 000,211,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2011-05-20 14:33:32 | 000,154,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV - [2011-05-20 14:28:36 | 000,408,136 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2011-05-20 14:20:42 | 000,220,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHport.sys -- (BthPort)
DRV - [2011-05-20 14:20:42 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHUSB.sys -- (BTHUSB)
DRV - [2011-05-20 14:20:42 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\BthEnum.sys -- (BthEnum)
DRV - [2011-05-20 13:42:19 | 000,012,800 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2011-05-20 13:41:05 | 000,396,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP)
DRV - [2011-05-20 13:38:53 | 000,130,048 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2)
DRV - [2011-05-20 09:40:35 | 003,155,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2011-05-20 09:29:23 | 000,156,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2011-04-18 12:18:50 | 000,043,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\MpNWMon.sys -- (MpNWMon)
DRV - [2008-11-17 06:40:22 | 003,668,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008-10-09 14:42:42 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2006-12-22 04:44:19 | 000,191,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2006-12-22 04:44:04 | 000,073,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2006-11-02 13:34:35 | 000,132,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2006-11-02 13:34:31 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2006-11-02 10:51:42 | 000,500,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ndis.sys -- (NDIS)
DRV - [2006-11-02 10:51:30 | 000,290,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2006-11-02 10:51:14 | 000,183,912 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006-11-02 10:51:12 | 000,168,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2006-11-02 10:51:12 | 000,167,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006-11-02 10:51:09 | 000,160,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2006-11-02 10:50:57 | 000,140,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pci.sys -- (pci)
DRV - [2006-11-02 10:50:40 | 000,106,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006-11-02 10:50:28 | 000,050,792 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2006-11-02 10:50:24 | 000,050,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volmgr.sys -- (volmgr)
DRV - [2006-11-02 10:50:24 | 000,047,208 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2006-11-02 10:50:24 | 000,046,696 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2006-11-02 10:50:23 | 000,049,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2006-11-02 10:50:17 | 000,080,488 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2006-11-02 10:50:16 | 000,078,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2006-11-02 10:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006-11-02 10:50:04 | 000,058,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006-11-02 10:50:04 | 000,058,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006-11-02 10:49:59 | 000,056,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2006-11-02 10:49:58 | 000,056,424 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2006-11-02 10:49:57 | 000,054,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2006-11-02 10:49:54 | 000,028,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2006-11-02 10:49:52 | 000,054,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2006-11-02 10:49:52 | 000,053,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2006-11-02 10:49:51 | 000,052,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\disk.sys -- (disk)
DRV - [2006-11-02 10:49:49 | 000,027,752 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2006-11-02 10:49:44 | 000,023,144 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2006-11-02 10:49:43 | 000,022,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006-11-02 10:49:38 | 000,019,560 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wd.sys -- (Wd)
DRV - [2006-11-02 10:49:35 | 000,018,536 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2006-11-02 10:49:26 | 000,015,464 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2006-11-02 10:49:20 | 000,013,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2006-11-02 10:49:20 | 000,013,416 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV - [2006-11-02 10:49:20 | 000,012,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum)
DRV - [2006-11-02 10:14:58 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2006-11-02 10:14:19 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\serscan.sys -- (StillCam)
DRV - [2006-11-02 10:14:17 | 000,035,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2006-11-02 10:04:35 | 000,878,080 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH)
DRV - [2006-11-02 10:04:23 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2006-11-02 10:03:00 | 000,242,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006-11-02 10:02:15 | 000,160,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2006-11-02 10:02:07 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV - [2006-11-02 10:02:01 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2006-11-02 10:02:01 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2006-11-02 10:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD)
DRV - [2006-11-02 10:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV - [2006-11-02 09:58:52 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2006-11-02 09:58:43 | 000,270,336 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2006-11-02 09:58:26 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2006-11-02 09:58:14 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2006-11-02 09:58:14 | 000,061,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport) Miniport WAN (PPTP)
DRV - [2006-11-02 09:58:13 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp) Miniport WAN (L2TP)
DRV - [2006-11-02 09:58:13 | 000,011,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2006-11-02 09:58:12 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2006-11-02 09:58:10 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2006-11-02 09:58:09 | 000,099,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipnat.sys -- (IPNAT)
DRV - [2006-11-02 09:58:04 | 000,047,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2006-11-02 09:57:47 | 000,027,648 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2006-11-02 09:57:35 | 000,068,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx)
DRV - [2006-11-02 09:57:30 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2006-11-02 09:57:26 | 000,035,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2006-11-02 09:57:22 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2006-11-02 09:57:20 | 000,184,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (netbt)
DRV - [2006-11-02 09:57:10 | 000,066,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb)
DRV - [2006-11-02 09:57:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2006-11-02 09:56:49 | 000,060,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr)
DRV - [2006-11-02 09:56:49 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio)
DRV - [2006-11-02 09:55:27 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthpan.sys -- (BthPan) Urządzenie Bluetooth (sieć osobista)
DRV - [2006-11-02 09:55:24 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus)
DRV - [2006-11-02 09:55:23 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rfcomm.sys -- (RFCOMM) Urządzenie Bluetooth (Protokół TDI RFCOMM)
DRV - [2006-11-02 09:55:23 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2006-11-02 09:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006-11-02 09:55:20 | 000,132,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\usbvideo.sys -- (usbvideo) Urządzenie wideo USB (WDM)
DRV - [2006-11-02 09:55:16 | 000,062,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2006-11-02 09:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006-11-02 09:55:08 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2006-11-02 09:55:05 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2006-11-02 09:55:05 | 000,019,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2006-11-02 09:55:04 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2006-11-02 09:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006-11-02 09:55:01 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2006-11-02 09:54:59 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2006-11-02 09:54:52 | 000,082,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2006-11-02 09:53:56 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2006-11-02 09:53:56 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2006-11-02 09:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006-11-02 09:51:44 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom)
DRV - [2006-11-02 09:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006-11-02 09:51:40 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2006-11-02 09:51:40 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006-11-02 09:51:38 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006-11-02 09:51:33 | 000,025,088 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc)
DRV - [2006-11-02 09:51:32 | 000,020,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2006-11-02 09:51:30 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006-11-02 09:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006-11-02 09:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006-11-02 09:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006-11-02 09:51:15 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2006-11-02 09:51:14 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2006-11-02 09:51:13 | 000,006,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2006-11-02 09:51:13 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2006-11-02 09:51:12 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006-11-02 09:51:05 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2006-11-02 09:51:03 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2006-11-02 09:42:03 | 000,065,536 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006-11-02 09:33:07 | 000,083,456 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2006-11-02 09:32:55 | 000,027,648 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2006-11-02 09:31:26 | 000,222,208 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss)
DRV - [2006-11-02 09:31:12 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser)
DRV - [2006-11-02 09:31:04 | 000,074,752 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC)
DRV - [2006-11-02 09:30:57 | 000,225,280 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs)
DRV - [2006-11-02 09:30:57 | 000,034,816 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2006-11-02 09:30:56 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2006-11-02 09:30:50 | 000,070,144 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs)
DRV - [2006-11-02 09:30:49 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2006-11-02 09:30:19 | 000,039,424 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2006-11-02 09:30:18 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006-11-02 09:30:18 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2006-11-02 09:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006-11-02 09:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006-11-02 09:30:18 | 000,038,400 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2006-11-02 08:36:49 | 000,235,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32) Sterownik karty Intel®

1. Start by using the ESET Necurs Remover tool. Watch carefully what happens while the application runs. Finish with a computer restart.

2. Generate a new OTL log using the Scan option, plus GMER (if it works; an active Necurs blocks GMER from starting).

 

Quote
GMER restarts the computer during the scan.

 

You did not follow the guidelines, i.e. you did not uninstall the programs that emulate virtual drives; the offending DAEMON Tools driver is running:

DRV - [2011-06-16 08:50:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

But we can probably skip GMER. The ESET tool for removing the Necurs rootkit went through it like a razor. All drivers have been unblocked, and the rootkit's numerically named driver is now crippled and has the status "Stopped", because ESET moved it to a copy with the *.vir extension:

 

DRV - File not found [Kernel | Boot | Stopped] -- -- (c9f966b2245a3d13)
[2012-03-02 09:03:22 | 000,043,352 | ---- | M] () -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys.vir

 

We move on to the next phase of cleaning:

1. Disable the MSSE shield so it does not interfere. Run OTL and in the Custom Scans/Fixes section paste:

:OTL
DRV - File not found [Kernel | System | Stopped] --  -- (zbzssitl)
DRV - File not found [Kernel | System | Stopped] --  -- (qcsxiurz)
DRV - File not found [Kernel | System | Stopped] --  -- (jcmhjuya)
DRV - File not found [Kernel | Boot | Stopped] --  -- (c9f966b2245a3d13)
[2012-03-02 09:03:22 | 000,043,352 | ---- | C] () -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys.vir
[2012-03-01 16:05:26 | 000,020,928 | ---- | C] () -- C:\Users\Trahus\1rxzhicpme.exe
[2012-02-29 12:44:56 | 000,000,000 | ---D | C] -- C:\Users\Trahus\AppData\Roaming\Qosi
[2012-02-29 12:44:56 | 000,000,000 | ---D | C] -- C:\Users\Trahus\AppData\Roaming\Oqidu
[2011-11-17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Trahus\AppData\Roaming\Mozilla\Firefox\Profiles\t4ovjizk.default\searchplugins\askcom.xml
 
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
 
:Commands
[emptytemp]

 

Start the removal with the Run Fix button. The system will be restarted and you will get a log with the removal results.

2. Produce a new OTL log with the Scan option (now without Extras) + AdwCleaner with the Search option. Attach the log obtained in step 1.
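
The reasoning in the two replies above can be mechanised over the OTL log lines: in the first reply, a driver with a random 16-hex-character name that OTL could not even query (`[Unknown (-1) | Unknown]`) and publisher fields left empty across the whole driver list; in the second, after ESET Necurs Remover renamed the file to *.vir, publishers readable again and the same service left behind as an orphaned Boot-start entry. The script below is an added example by the editor, not code from the thread, from OTL or from ESET. The sample lines are copied from the OTL excerpts quoted in this thread; the thresholds (a 16-hex-character name, the `Unknown (-1)` start type, a missing file on a Boot- or System-start service, and the empty-publisher ratio) are the editor's own heuristics, not anything OTL itself reports.

```python
"""Triage of OTL driver/service entries for the rootkit signs discussed in the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEX16 = re.compile(r'^[0-9a-f]{16}$')                         # e.g. c9f966b2245a3d13
HEAD_RE = re.compile(r'^(DRV|SRV) - (.*)$')
META_RE = re.compile(r'^\[([^\]]*)\] \(([^)]*)\) (.*)$')      # [timestamp | size | attrs] (publisher) ...
TAIL_RE = re.compile(r'^\[([^\]]*)\] --\s*(.*?)\s*-- \(([^)]+)\)')  # [type | start | state] -- path -- (name)

# Sample input copied from the OTL excerpts quoted in the thread.
# First log, rootkit active: the driver shows up only as a SRV line OTL could not
# query, and every ordinary driver has an empty publisher field "()".
BEFORE_LOG = r"""
SRV - [2012-03-02 09:03:22 | 000,043,352 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys -- (c9f966b2245a3d13)
DRV - [2011-06-16 08:50:07 | 000,218,688 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-05-25 08:43:04 | 000,224,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS) Common Log (CLFS)
DRV - [2011-05-25 08:37:31 | 000,815,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
""".strip().splitlines()
# Second log, after ESET Necurs Remover renamed the driver to *.vir: publishers are
# readable again and the rootkit service is left as an orphaned Boot-start entry.
AFTER_LOG = r"""
DRV - [2011-06-16 08:50:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - File not found [Kernel | Boot | Stopped] -- -- (c9f966b2245a3d13)
[2012-03-02 09:03:22 | 000,043,352 | ---- | M] () -- C:\Windows\System32\drivers\c9f966b2245a3d13.sys.vir
DRV - File not found [Kernel | System | Stopped] --  -- (zbzssitl)
DRV - File not found [Kernel | System | Stopped] --  -- (qcsxiurz)
""".strip().splitlines()


@dataclass
class Entry:
    kind: str                # DRV or SRV
    name: str                # service name from the trailing "(name)"
    path: str                # on-disk path, '' when OTL reports "File not found"
    company: Optional[str]   # publisher OTL read from the file, None when the file is missing
    start: str               # Boot / System / Auto / On_Demand / Disabled / Unknown
    state: Optional[str]     # Running / Stopped, None when OTL printed only two fields
    present: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL DRV/SRV line; return None for any other line (file entries, headers)."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if rest.startswith('File not found'):
        company, present = None, False
        rest = rest[len('File not found'):].lstrip()
    else:
        m2 = META_RE.match(rest)
        if not m2:
            return None
        _timestamp_and_size, company, rest = m2.groups()
        present = True
    m3 = TAIL_RE.match(rest)
    if not m3:
        return None
    fields = [f.strip() for f in m3.group(1).split('|')]
    start = fields[1] if len(fields) > 1 else 'Unknown'
    state = fields[2] if len(fields) > 2 else None
    return Entry(kind, m3.group(3), m3.group(2), company, start, state, present)


def entry_findings(e: Entry) -> List[str]:
    """Per-entry heuristics (editor's own thresholds, not OTL's)."""
    reasons = []
    base = e.path.rsplit('\\', 1)[-1].lower()
    stem = base[:-4] if base.endswith('.sys') else base
    if HEX16.match(e.name) or HEX16.match(stem):
        reasons.append('random 16-hex-character driver name')
    if e.start == 'Unknown':
        reasons.append('OTL could not query service configuration (Unknown (-1))')
    if not e.present and e.start in ('Boot', 'System'):
        reasons.append(f'orphaned {e.start}-start service (file missing)')
    return reasons


def publisher_blackout(entries: List[Entry]) -> float:
    """Fraction of on-disk drivers whose publisher field OTL left empty.
    One empty field is ordinary (unsigned third-party driver); close to 1.0 across
    the whole list means the scanner was being denied file access."""
    present = [e for e in entries if e.present and e.kind == 'DRV']
    if not present:
        return 0.0
    return sum(1 for e in present if e.company == '') / len(present)


def triage(lines: List[str]) -> Tuple[List[Entry], List[Tuple[str, List[str]]], float]:
    entries = [e for e in map(parse_entry, lines) if e is not None]
    hits = []
    for e in entries:
        reasons = entry_findings(e)
        if reasons:
            hits.append((e.name, reasons))
    return entries, hits, publisher_blackout(entries)


if __name__ == '__main__':
    for label, log in (('before cleanup', BEFORE_LOG), ('after cleanup', AFTER_LOG)):
        entries, hits, blackout = triage(log)
        print(f'{label}: {len(entries)} entries, publisher blackout {blackout:.0%}')
        for name, reasons in hits:
            print(f'  {name}: ' + '; '.join(reasons))
```

Run against the first log it flags only c9f966b2245a3d13 and reports a 100% publisher blackout; against the second log the blackout drops to 0% and the hits are the three orphaned services that the OTL fix script in the reply above then deletes. The blackout ratio is the more robust of the two signals: a rootkit author can pick any service name, but denying the scanner read access to every driver on disk is hard to hide in the log.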

Everything done; I see nothing more. Carry out the following steps:

1. AdwCleaner sees a trifle; apply Delete in it and then Uninstall.

2. In OTL run CleanUp, which will remove OTL along with its quarantine from the disk.

3. Just in case, also run a full scan with your antivirus program. Report back here with the results, i.e. whether anything was detected.

Not so fast. Now we can move on to:

1. Cleaning the System Restore folders: CLICK.

2. Essential updates: CLICK. Your system has a critical update status (not a single SP!); in general, what needs updating:

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)

 

Complete everything and report back.

 
