Blue screen at system startup

  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Posted: 10 Aug 2009 15:34

I have a big problem: when the system starts, a blue screen appears with the following written on it:

Technical information:
STOP : 0X0000007E (0XC0000005, 0X5052A125, 0XF79F7070, 0XF79F6D6C)

This prevents me from booting the system, so I have to restart it several times before I succeed.
After that, when I start Mozilla, it constantly shows a Crash report and a blue screen appears.

I couldn't even install an antivirus; it always tells me that it is impossible.
In safe boot I couldn't scan with any program, because each one reports that it cannot start.

Right now almost no tab works in Mozilla; when I click on a tab it does not respond and it just shuts down by itself.
Also, a blue screen appears when I reinstall the antivirus.

This happens to me when I start Spybot, and it is similar with other programs...

Please help.


Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:29, on 10.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C65EA4-5DEC-467C-9414-7FC17653EF49}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5574 bytes

Addendum: 10 Aug 2009 15:36

I apologize if I started the topic in the wrong way, but I am having great trouble posting this; it takes me several attempts.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Greetings,

there is nothing suspicious in the HJT log.

Try scanning with this:

Download the DDS program from this, this or this link to the Desktop.

  • Double-click to run DDS;
  • after a few minutes a message about the completion of the process will appear and two reports will open;
  • save both reports to the Desktop (by choosing File > Save As);
  • double-click to open DDS.txt and copy its contents into the topic;
  • attach the file Attach.txt to the post using the Attach file option.

Note: if security software interferes with DDS while it is running, temporarily deactivate it (instructions) and run DDS again.

  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Helen, I hope I did this right...


DDS (Ver_09-07-30.01) - NTFSx86
Run by JIB at 16:30:44,15 on pon 10.08.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.596 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JIB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWindow Title =
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CoTGT_BHO Class: {c333cf63-767f-4831-94ac-e683d962c63c} - c:\program files\tgtsoft\stylexp\TGT_BHO.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jib\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: {25C65EA4-5DEC-467C-9414-7FC17653EF49} = 195.66.160.1,195.66.160.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jib\applic~1\mozilla\firefox\profiles\99ppwuix.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-10 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-1-30 34312]
R1 HMFAxCore55688327e8f59cf41f6f99d9c88a251d;HMFAxCore55688327e8f59cf41f6f99d9c88a251d;c:\windows\system32\drivers\HMFAxCore55688327e8f59cf41f6f99d9c88a251d.sys [2008-12-23 22304]
R1 HMFAxCoreac1538dd22fa7acfd433f47c679ad9da;HMFAxCoreac1538dd22fa7acfd433f47c679ad9da;c:\windows\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys [2009-1-9 22304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-10 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-1-31 603904]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl --> c:\program files\cyberlink\powerdvd\000.fcl [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 gel90xne;gel90xne;\??\c:\docume~1\jib\locals~1\temp\gel90xne.sys --> c:\docume~1\jib\locals~1\temp\gel90xne.sys [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-08-10 16:14 <DIR> --d----- C:\VundoFix Backups
2009-08-09 14:44 93,696 a------- c:\windows\system32\vsmon
2009-07-31 23:38 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-07-26 12:45 <DIR> --d----- c:\program files\Rockstar Games
2009-07-19 15:19 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-19 15:19 1,409 a------- c:\windows\QTFont.for
2009-07-16 20:26 0 a------- c:\windows\b-flac-mp3-converter.INI
2009-07-16 20:19 <DIR> --d----- c:\docume~1\jib\applic~1\GetRightToGo
2009-07-16 20:13 515,760 a------- c:\windows\system32\SpoonUninstall.exe

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-31 23:39 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-07-31 23:39 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-31 15:59 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-07-25 19:23 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-02-20 01:25 87,608 a------- c:\docume~1\jib\applic~1\inst.exe
2009-02-20 01:25 47,360 a------- c:\docume~1\jib\applic~1\pcouffin.sys
2009-01-12 00:27 22,328 a------- c:\docume~1\jib\applic~1\PnkBstrK.sys

============= FINISH: 16:31:41,21 ===============


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Let's try something else, and then we'll see what is going on.

Download sUBs's ComboFix to the Desktop from the following address:

  • Bleeping Computer
  • Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download of the program is finished:

  • deactivate security software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:

  • check whether a newer version of the program exists:
    click Yes if you are offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
    accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:

  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the post, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the post.

  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Helen, here I am, sorry for being late...

ComboFix 09-08-09.04 - JIB 10.08.2009 18:08.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.530 [GMT 2:00]
Running from: c:\documents and settings\JIB\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JIB\Application Data\inst.exe
c:\documents and settings\JIB\Desktop\[Torrentsworld.net]
c:\documents and settings\JIB\Desktop\[Torrentsworld.net]
c:\windows\Installer\10677d0.msi
c:\windows\Installer\14e1e9.msi
c:\windows\Installer\2c90586.msi
c:\windows\Installer\51afbf.msp
c:\windows\Installer\51afc0.msp
c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 15:08 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-10 15:08 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-10 15:08 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-10 15:08 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 15:08 . 2009-08-10 15:08 -------- d-----w- c:\program files\Alwil Software
2009-08-10 14:52 . 2009-08-10 14:53 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-10 14:51 . 2009-08-10 14:53 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-10 14:51 . 2009-08-10 14:51 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-10 13:10 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-10 13:10 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-10 13:10 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-10 13:10 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-10 13:10 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-09 12:43 . 2009-08-09 12:55 -------- d-----w- c:\documents and settings\JIB\Local Settings\Application Data\Google
2009-07-31 21:38 . 2009-08-08 11:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-26 10:45 . 2009-07-26 10:45 -------- d-----w- c:\program files\Rockstar Games
2009-07-16 18:19 . 2009-07-16 18:25 -------- d-----w- c:\documents and settings\JIB\Application Data\GetRightToGo
2009-07-16 18:13 . 2009-07-16 18:10 515760 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 14:53 . 2009-01-11 22:27 22328 ----a-w- c:\documents and settings\JIB\Application Data\PnkBstrK.sys
2009-08-10 14:53 . 2009-01-11 22:27 22328 ----a-w- c:\documents and settings\JIB\Application Data\PnkBstrK.sys
2009-08-10 14:52 . 2009-02-09 20:01 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-10 14:41 . 2007-03-03 14:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-09 17:55 . 2007-03-24 13:25 -------- d-----w- c:\program files\Winamp
2009-08-09 17:55 . 2009-03-07 12:14 -------- d-----w- c:\documents and settings\JIB\Application Data\BitTorrent
2009-08-06 23:54 . 2009-01-31 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 23:54 . 2009-01-31 19:51 3942048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 11:30 . 2007-11-06 20:46 -------- d-----w- c:\documents and settings\JIB\Application Data\Skype
2009-08-03 15:33 . 2008-10-07 13:18 -------- d-----w- c:\documents and settings\JIB\Application Data\Vso
2009-08-03 11:36 . 2009-01-31 19:51 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-01-31 19:50 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 11:05 . 2007-02-27 12:51 -------- d-----w- c:\program files\Di recnik
2009-08-02 20:40 . 2008-07-12 19:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-31 21:54 . 2009-07-06 10:50 -------- d-----w- c:\program files\Xicat
2009-07-31 21:39 . 2009-01-31 19:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-31 21:39 . 2009-01-31 19:29 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-31 21:38 . 2008-12-21 16:42 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-31 20:21 . 2007-12-04 00:19 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-31 13:59 . 2008-12-21 00:30 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-07-26 10:45 . 2007-02-07 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 17:23 . 2009-02-19 23:52 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-21 20:34 . 2007-11-06 20:46 -------- d-----r- c:\program files\Skype
2009-07-12 19:08 . 2009-06-24 08:09 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-07-10 14:34 . 2009-07-10 14:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\3DWA_L
2009-07-08 17:42 . 2009-07-08 17:42 -------- d-----w- c:\documents and settings\JIB\Application Data\Aleo Software
2009-07-06 19:54 . 2009-07-06 19:54 -------- d-----w- c:\program files\SimBin
2009-07-02 17:54 . 2008-08-16 12:30 74320 ----a-w- c:\documents and settings\JIB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 23:51 . 2009-06-29 23:51 -------- d-----w- c:\program files\Styler
2009-06-25 21:07 . 2007-12-27 20:04 -------- d-----w- c:\program files\IObit
2009-06-23 19:44 . 2008-11-30 22:32 -------- d-----w- c:\documents and settings\JIB\Application Data\IObit
2009-06-23 19:42 . 2008-11-09 18:18 -------- d-----w- c:\documents and settings\JIB\Application Data\DNA
.

------- Sigcheck -------

[-] 2004-08-03 21:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 21:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-03 22:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll
[-] 2004-08-03 22:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 22:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe
[-] 2004-08-03 22:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\dllcache\wscntfy.exe

[-] 2004-08-03 22:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 22:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-03 22:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll
[-] 2004-08-03 22:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\dllcache\rasauto.dll

[-] 2004-08-03 22:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 22:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\JIB\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Memturbo 4\MemTurbo.exe [2008-12-11 2314752]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk /p \??\C:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2009 15:10 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [30.1.2008 13:38 34312]
R1 HMFAxCore55688327e8f59cf41f6f99d9c88a251d;HMFAxCore55688327e8f59cf41f6f99d9c88a251d;c:\windows\system32\drivers\HMFAxCore55688327e8f59cf41f6f99d9c88a251d.sys [23.12.2008 0:05 22304]
R1 HMFAxCoreac1538dd22fa7acfd433f47c679ad9da;HMFAxCoreac1538dd22fa7acfd433f47c679ad9da;c:\windows\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys [9.1.2009 22:43 22304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.8.2009 15:10 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 gel90xne;gel90xne;\??\c:\docume~1\JIB\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\JIB\LOCALS~1\Temp\gel90xne.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2008-07-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-14 14:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {25C65EA4-5DEC-467C-9414-7FC17653EF49} = 195.66.160.1,195.66.160.2
FF - ProfilePath - c:\documents and settings\JIB\Application Data\Mozilla\Firefox\Profiles\99ppwuix.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 18:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1303643608-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\WINZIP\WZSHLSTB.DLL
c:\program files\WinRAR\rarext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvshell.dll
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Common Files\MicroWorld\Agent\MWASER.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-08-10 18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 16:29

Pre-Run: 36.612.112.384 bytes free
Post-Run: 36.547.129.344 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.



Extract the archive to a folder (instructions), and then:
double-click to start the program and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear in which you should select
Scan root drive only and click Start;

when the scan finishes, a notification will appear, which you should close by clicking OK;

the report (log) will be saved in the same folder as the program itself.



Attach the generated report to your post using the Attach file option.

  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Here it is, I hope I did it right.
Helen, thanks for the help ...


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Upload this file for me:

c:\windows\system32\drivers\HMFAxCoreac1538dd22fa7acfd433f47c679ad9da.sys

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

There, I'm done. It slowed things down for me, so I'm a bit late, sorry ...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

What can I tell you, your system is falling apart. There is no real help to be had here. I can't do anything.
