system file infected/corrupt

[XXN]

hi,
few days ago my PC was infected with jeefo. I used "jeefogui" and I cured most part of the infected files (.exe). But, some system files it can't cure. Dr. web so can't do it.
Infected files (@ jeefogui):

C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_2d4ce84c4a0b8470\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_a6bf6d613b46f6a5\fsquirt.exe
C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_x86_neutral_a651bb730e78eedd\dpinst.exe
C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_x86_neutral_a651bb730e78eedd\nvudisp.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_744c2e2719d350a0\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_745a00d719c87ddb\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_740585d71a078a5f\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_74d7cd6c32ef203f\fsquirt.exe
C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_74b739963307a1a2\fsquirt.exe

​

I runned sfc /scannow. Either that hasn't helped.
sfc Scan log: View attachment CBS.zip

what can i do to solve this issue?

 

[TrainableMan]

Download TDSSKiller and RKill from our Freeware DB. If you do not have an anti-virus then download, install, and allow to update Malwarebytes Anti-Malware (MBAM). Then reboot your system into safe mode without networking (Reboot and, when it says "Starting Windows," Press F8; If you get a message asking continue in safe mode or perform a system restore, choose continue in safe mode). Now run TDSSKiller and after that run RKill and after that run a full virus scan. The first two will take maybe 5 minutes each but a full virus scan can take anywhere from 30 minutes to several hours depending on your hard drive size and number of files.

TDSSKiller is designed specifically to look for rootkits. RKill is designed to stop the stealthing programs that hide/protect/regenerate some nasty viruses. Running these first will help ensure your A/V has the best chance of cleaning up the infected files.

 

[Digerati]

If you do not have an anti-virus then download, install, and allow to update Malwarebytes Anti-Malware (MBAM).

That's a great product but note MBAM (Free) does not run full time, but "on-demand" only. Therefore, it is good as a supplemental anti-malware solution - great to verify your real-time anti-malware solution did not miss anything and I use and highly recommend MBAM for that purpose.

So if you don't have an anti-virus program, you need to download and install a "full-time" solution now. If you want to pay for MBAM Pro, fine. It's a great product. But there are many capable free anti-malware solutions. I use and recommend Microsoft Security Essentials (MSE).

 

[TrainableMan]

My information was merely to rid your computer of the infected files. I agree with Digerati that once you have your system cleaned you want to avoid these situations in the future by running active anti-virus protection such as MSE.

 

[XXN]

@ TrainableMan,
no threats detected (both programs)

Rkill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/27/2012 06:18:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/27/2012 06:18:27 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

TDSSKiller: http://pastebin.com/6VfVa8Fb

 

[TrainableMan]

And you ran them in safemode, correct?

Then what happened when you ran a complete anti-virus scan in safe mode? Was it able to delete the offending files?

 

[XXN]

first time, i ranned them in normal windows boot mode

but now i did it in safe mode
results attached

 

[TrainableMan]

The results look fine, but while still in safe mode you must then run a complete anti-virus scan.

Does everything seem to be working alright?

Did you install Malwarebytes and run it in safe mode?

 

[XXN]

MBAM can't detect it.
Only jeefogui and Windows sfc scan

yes, everything work properly.

 

[TrainableMan]

Have you tried booting up to the W7 Ult DVD and running "system repair" (On the install menu system repair is in the bottom left corner).

 

[XXN]

i haven't more the install disc

 

[TrainableMan]

Download & burn it to DVD ... preferably on a computer you don't suspect is infected. W7 SP1

If we do not have links to "Ultimate" in your language then you will need to download "Professional" and then delete ei.cfg before you burn it to DVD. See this thread: "Get four versions from one".

 

[XXN]

thanks, i will try

 

[TrainableMan]

If you cannot get that to work then quite honestly I would probably reinstall rather than take a chance on being infected.