Virus me ubijaaa

  • Joined: 07 Nov 2011
  • Posts: 78

Hello to everyone on the mycity forum.
It's me again; there's never an end to my computer problems.
To start with, I have a problem with some virus that is literally destroying my computer.
A couple of days ago I downloaded a file, I can't remember what it was for, but it opened a cmd window.
That's nothing unusual, I always have programs like that,
but this one looked really suspicious to me. I honestly can't remember what it said, but I think I started the server of a "RAT" program [Remote Administrator Tool].
The virus is unbelievable.
I have Avast antivirus and Malwarebytes' Anti-Malware.
It keeps inserting a registry key that disables Task Manager, the registry and the Windows firewall.
Before this virus I had some problems, e.g. [my computer was slow, it opened programs slowly, I had problems with "FP11.msi" (Front Page 2003, MSOCache is missing)], so I decided to do a
System Restore. Now that I've done that I still have the problem with "FP11.msi", and my Realtek HD Audio doesn't work, RTHDCPL.exe doesn't work, kill me now.
Now my Avast antivirus doesn't work; I mean it runs, but it can't start avastui.exe, and I don't know now which processes are for the Avast server. I scanned with Malwarebytes and it removed several viruses, but that's not it,
and MBAM keeps reporting C:\Documents and settings\pc\local settings\temp\winmuno.exe and similar ones as
Trojan.Downloader. Please help, I beg you. I can't even get into Safe Mode; it throws me out right away while it's loading the sys files and restarts again. I BEG YOU, I don't have much
time left, and I might reinstall if I don't find another solution. I have Win XP SP3.

AMD Sempron LE-1250 2.2GHz, 2.0GB RAM
ATI Radeon HD 4350
Please help. Maybe I should install Windows Vista, if my computer can run it without slowing down a lot?

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Follow the instructions in the topic http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html and post the required reports.

  • Joined: 07 Nov 2011
  • Posts: 78

Posted: 27 Jan 2012 13:32

Here you go. It's just that this GMER is taking a very long time to scan and my CPU is at 90%; I'll wait for it to finish everything.

Update: 27 Jan 2012 15:18


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by PC at 13:05:40 on 2012-01-27
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://start.facemoods.com/?a=desktop&s={searchTerms}&f=4
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
mWinlogon: UIHost=c:\windows\system32\logonuicpt.exe
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {3ba34663-845a-4931-a6f3-1e033ec342a7} - No File
TB: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - No File
uRun: [ViGlance] c:\program files\viglance\ViGlance.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [RocketDock] "c:\program files\custopacktools\utils\rocketdock\RocketDock.exe"
uRun: [Advanced SystemCare 5] "d:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Facebook Update] "c:\documents and settings\pc\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TransBar] "c:\documents and settings\all users\custopacktools\softwares\transbar\TransBar.exe" /s
mRun: [IMMON] "d:\program files\im magician\Vicamon.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\shortc~1.lnk - c:\program files\custopacktools\utils\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &NeoTrace It! - d:\progra~2\neotra~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{0AB5C94F-0AD6-4F92-8A04-F428E32E0A22} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-26 20:42:35 -------- d-----w- c:\documents and settings\pc\application data\ExpressFiles
2012-01-26 20:42:34 -------- d-----w- c:\program files\ExpressFiles
2012-01-26 19:21:30 -------- d-----w- c:\program files\RegUtility
2012-01-26 10:44:59 -------- d-----w- c:\documents and settings\pc\local settings\application data\MediaGet2
2012-01-26 10:44:59 -------- d-----w- c:\documents and settings\pc\local settings\application data\Media Get LLC
2012-01-25 09:35:01 -------- d--h--w- c:\documents and settings\all users\application data\{24BB9DC5-F8E5-4DCD-BA81-7E1B5E9C72F4}
2012-01-20 21:15:36 -------- d-----w- c:\documents and settings\pc\application data\Autodesk
2012-01-19 18:47:07 -------- d-----w- c:\program files\IObit
2012-01-15 15:36:58 -------- d-----w- c:\documents and settings\pc\local settings\application data\LogMeIn Hamachi
2012-01-09 18:59:05 2484592 ----a-w- c:\windows\system32\pbsvc_p4f.exe
2012-01-08 17:00:44 -------- d-----w- C:\vcs5BGEffects
2012-01-08 14:09:28 -------- d-----w- c:\documents and settings\pc\application data\Screaming Bee
2012-01-08 14:08:49 -------- d-----w- c:\documents and settings\all users\application data\Screaming Bee
2012-01-07 19:24:05 -------- d-----w- c:\documents and settings\pc\application data\ts3overlay
2012-01-07 19:21:37 -------- d-----w- c:\documents and settings\pc\application data\TS3Client
2012-01-05 17:23:56 -------- d-----w- c:\program files\MSXML 4.0
2012-01-01 17:07:23 -------- d-----w- c:\documents and settings\pc\application data\tazti
2012-01-01 00:19:01 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-31 19:48:53 57458 ----a-w- c:\documents and settings\pc\application data\SQLite3.dll
2011-12-31 19:07:40 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-31 19:07:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-31 19:07:35 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-12-31 14:50:40 -------- d-----w- c:\documents and settings\pc\application data\DriverFinder
2011-12-31 13:41:48 -------- d-----w- c:\documents and settings\pc\application data\Vimisoft Studio
2011-12-31 13:41:41 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2011-12-31 13:41:41 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-12-31 13:41:41 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2011-12-31 13:41:30 73728 ----a-r- c:\windows\system32\exvmuvc.ax
2011-12-31 13:41:29 77824 ----a-w- c:\windows\system32\vgf.dll
2011-12-31 13:41:29 450560 ----a-w- c:\windows\system32\newlistview2.dll
2011-12-31 13:41:27 -------- d-----w- c:\program files\common files\Vimisoft Studio
2011-12-31 13:41:08 -------- d-----w- c:\program files\Vimicro Corporation
2011-12-31 13:33:23 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-12-31 13:33:23 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-12-31 13:33:22 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-12-31 13:33:22 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-12-31 13:33:22 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-12-31 13:33:21 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-12-31 13:33:21 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-12-31 13:33:20 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-12-31 13:33:20 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-12-29 19:06:11 -------- d-----w- c:\documents and settings\pc\local settings\application data\ArmA 2 Free
2011-12-29 12:10:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2012-01-10 12:34:58 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-09 18:59:36 138056 ----a-w- c:\documents and settings\pc\application data\PnkBstrK.sys
2011-12-23 21:34:09 2332416 ----a-w- c:\windows\system32\TUKernel.exe
2011-12-23 17:13:03 64512 ---ha-w- c:\documents and settings\pc\application data\dach100.dll
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 22:28:04 55664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-13 22:27:52 783472 ----a-w- c:\windows\system32\vnetlib.dll
2011-11-13 22:27:20 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-11-13 22:27:18 433264 ----a-w- c:\windows\system32\vmnat.exe
2011-11-13 22:27:12 23792 ----a-w- c:\windows\system32\drivers\vmparport.sys
2011-11-13 22:27:02 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-11-13 22:26:34 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-11-13 22:26:32 33776 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-11-13 22:26:24 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-13 20:59:58 252016 ----a-w- c:\windows\system32\vmnc.dll
2011-11-13 20:33:56 49776 ----a-w- c:\windows\system32\vnetinst.dll
2011-11-13 20:33:56 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-11-13 20:33:56 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-11-12 19:14:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-12 19:14:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-11 20:18:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 20:11:28 221184 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-11 20:11:23 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-11 20:11:17 7206400 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-11 20:11:15 18874368 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-11 20:11:08 3278848 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-11 20:11:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-11 20:11:02 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-11 20:10:53 3953664 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-11 20:10:47 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-11 20:10:47 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-11 20:10:42 294912 ----a-w- c:\windows\system32\ATIODE.exe
2011-11-11 20:10:06 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-11 20:10:04 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-11 20:09:39 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-11 20:09:25 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-11 20:09:18 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-11 20:08:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-11 20:08:43 5828608 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-11 20:08:33 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-11 20:08:04 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-11 20:07:58 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-11 20:07:48 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-11 20:07:47 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-11 20:07:46 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-11-11 20:07:38 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-11 20:07:35 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-11-11 20:07:32 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-11 20:07:18 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-11-11 20:07:17 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-11 20:06:56 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-11 20:06:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 13:06:23.28 ===============




Update: 27 Jan 2012 16:34

Help, ignore this last report, I don't think it's from my computer ("it was next to the download program").

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if it offers to download it;
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications:
    accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.
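The DDS report above and the ComboFix "Reg Loading Points" that follow both list the same defence-tampering entries: the DisableTaskMgr / DisableRegistryTools policies the first post complains about, the Winlogon UIHost and SFCDisable overrides, AppInit_DLLs, the hosts entry for www.spywareinfo.com and the Security Center overrides. As an added example (not part of this thread, and not code from DDS or ComboFix), the following Python script extracts those indicators from a pasted report in either layout so a helper can review them before cleanup; the sample input is constructed from lines in the logs posted here. It assumes logonui.exe and SFCDisable=0 as the stock XP Winlogon values and treats every hit as a review item, not a verdict.

```python
"""Pull defence-tampering indicators out of a pasted DDS or ComboFix report.
Hits are review hints, not malware verdicts (a themed UIHost, for instance, can be
legitimate); the aim is to see which of the user's own controls were switched off."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Finding:
    category: str  # policy | winlogon | appinit | hosts | seccenter
    location: str  # registry key or file the value lives in
    detail: str    # value seen and why it deserves a look

# DDS "Pseudo HJT Report" prefixes: u = HKCU, m = HKLM, d = default user hive.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}
DDS_POLICY_RE = re.compile(r"^([umd])Policies-(\w+):\s*(\w+)\s*=\s*(\d+)")
DDS_WINLOGON_RE = re.compile(r"^mWinlogon:\s*(\w+)=(.*?)\s*(?:\(0x[0-9a-f]+\))?$", re.I)
DDS_HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
# ComboFix "Reg Loading Points" use REGEDIT4 layout: a [key] header, then "name"=value.
SECTION_RE = re.compile(r"^\[(.+)\]$")
REGSTR_RE = re.compile(r'^"(\w+)"="(.*)"$')
REGNUM_RE = re.compile(r'^"(\w+)"=\s*(?:dword:)?([0-9a-fA-F]+)')
# AppInit_DLLs appears in both layouts; tried before REGNUM_RE so c:\... is not read as hex "c".
APPINIT_RE = re.compile(r'^(?:AppInit_DLLs:|"AppInit_DLLs"=)\s*(\S.*)$')
# Policy values that take the user's own inspection tools away.
TAMPER_POLICIES = {
    ("system", "DisableTaskMgr", 1): "Task Manager blocked",
    ("system", "DisableRegistryTools", 1): "Registry Editor blocked",
}
# Security Center values that silence or override AV / firewall / update warnings.
SECCENTER_NAMES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                   "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}

def winlogon_is_default(name: str, value: str) -> Optional[bool]:
    """Assumed stock XP values for the two Winlogon entries checked; None = not checked."""
    if name.lower() == "uihost":
        return value.lower().rsplit("\\", 1)[-1] == "logonui.exe"
    if name.lower() == "sfcdisable":
        return value.strip() == "0"
    return None

def triage(report: str) -> List[Finding]:
    out: List[Finding] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := DDS_POLICY_RE.match(line)):
            hive, area, name, val = m.group(1), m.group(2), m.group(3), int(m.group(4))
            if (note := TAMPER_POLICIES.get((area, name, val))):
                out.append(Finding("policy", f"{HIVE[hive]}\\...\\Policies\\{area}", f"{name}={val}: {note}"))
        elif (m := DDS_WINLOGON_RE.match(line)):
            if winlogon_is_default(m.group(1), m.group(2)) is False:
                out.append(Finding("winlogon", "HKLM\\...\\Winlogon", f"{m.group(1)}={m.group(2)} is not the stock value"))
        elif (m := DDS_HOSTS_RE.match(line)):
            out.append(Finding("hosts", "hosts file", f"{m.group(2)} -> {m.group(1)}"))
        elif (m := APPINIT_RE.match(line)):
            out.append(Finding("appinit", "HKLM\\...\\Windows\\AppInit_DLLs",
                               f"{m.group(1).strip()} is loaded into every process that uses user32.dll"))
        elif (m := REGSTR_RE.match(line)) and section.lower().endswith("\\winlogon"):
            if winlogon_is_default(m.group(1), m.group(2)) is False:
                out.append(Finding("winlogon", section, f"{m.group(1)}={m.group(2)} is not the stock value"))
        elif (m := REGNUM_RE.match(line)):
            name, val = m.group(1), int(m.group(2), 16)  # "1 (0x1)" and "dword:00000001" both read as 1
            if section.lower().endswith("security center"):
                if name in SECCENTER_NAMES and val == 1:
                    out.append(Finding("seccenter", section, f"{name}=1: Security Center warning suppressed"))
            else:
                area = re.search(r"\\policies\\(\w+)$", section.lower())
                if area and (note := TAMPER_POLICIES.get((area.group(1), name, val))):
                    out.append(Finding("policy", section, f"{name}={val}: {note}"))
    return out

def summary(report: str) -> Dict[str, int]:
    """Number of findings per category, for a quick first look."""
    return dict(Counter(f.category for f in triage(report)))

# Constructed samples: lines taken from the two reports posted in this thread.
SAMPLE_DDS = r"""mWinlogon: UIHost=c:\windows\system32\logonuicpt.exe
mWinlogon: SFCDisable=4 (0x4)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
AppInit_DLLs: wbsys.dll
Hosts: 127.0.0.1 www.spywareinfo.com"""

SAMPLE_COMBOFIX = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\System32\logonuicpt.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001"""
```

Run `triage()` on the whole pasted ComboFix.txt or DDS.txt; `summary()` gives the per-category counts, and each Finding carries the key or file to open for manual review.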

  • Joined: 07 Nov 2011
  • Posts: 78

ComboFix 12-01-27.01 - PC 01/27/2012 18:20:44.1.1 - x86
Running from: d:\my documents-downloads\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Administrator3SQLite3.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\PC\Application Data\.#
c:\documents and settings\PC\Application Data\chrtmp
c:\documents and settings\PC\Application Data\dach100.dll
c:\documents and settings\PC\Application Data\Microsoft\Windows\!nyatiGX.cfg
c:\documents and settings\PC\Application Data\Microsoft\Windows\!nyatiGX.dat
c:\documents and settings\PC\Application Data\PC3SQLite3.dll
c:\documents and settings\PC\Application Data\PClog.dat
c:\documents and settings\PC\Application Data\SQLite3.dll
c:\documents and settings\PC\Application Data\Toolbar4
c:\documents and settings\PC\Local Settings\Application Data\assembly\tmp
c:\program files\WinConfig
c:\program files\WinConfig\npf_mgm.exe
c:\windows\InstallDir
c:\windows\sassr.dat
c:\windows\SNMPAPI.DLL
c:\windows\sysk32.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sinvfct.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\windir
c:\windows\system32\wpcap.dll
c:\windows\w32dasm8.ini
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-26 20:42 . 2012-01-27 17:04 -------- d-----w- c:\documents and settings\PC\Application Data\ExpressFiles
2012-01-26 20:42 . 2012-01-26 20:42 -------- d-----w- c:\program files\ExpressFiles
2012-01-26 19:21 . 2012-01-26 20:48 -------- d-----w- c:\program files\RegUtility
2012-01-26 10:44 . 2012-01-26 10:44 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\MediaGet2
2012-01-26 10:44 . 2012-01-26 10:44 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Media Get LLC
2012-01-25 09:35 . 2012-01-25 09:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\{24BB9DC5-F8E5-4DCD-BA81-7E1B5E9C72F4}
2012-01-20 21:15 . 2012-01-21 16:28 -------- d-----w- c:\documents and settings\PC\Application Data\Autodesk
2012-01-19 18:47 . 2012-01-19 18:48 -------- d-----w- c:\program files\IObit
2012-01-15 15:36 . 2012-01-25 09:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\LogMeIn Hamachi
2012-01-14 13:54 . 2012-01-25 09:34 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2012-01-14 13:54 . 2012-01-25 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-01-09 18:59 . 2012-01-09 18:51 2484592 ----a-w- c:\windows\system32\pbsvc_p4f.exe
2012-01-08 17:00 . 2012-01-08 17:00 -------- d-----w- C:\vcs5BGEffects
2012-01-08 14:09 . 2012-01-08 14:11 -------- d-----w- c:\documents and settings\PC\Application Data\Screaming Bee
2012-01-08 14:08 . 2012-01-08 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
2012-01-07 19:24 . 2012-01-07 19:24 -------- d-----w- c:\documents and settings\PC\Application Data\ts3overlay
2012-01-07 19:21 . 2012-01-07 19:25 -------- d-----w- c:\documents and settings\PC\Application Data\TS3Client
2012-01-05 17:23 . 2012-01-05 17:23 -------- d-----w- c:\program files\MSXML 4.0
2012-01-01 17:07 . 2012-01-01 17:11 -------- d-----w- c:\documents and settings\PC\Application Data\tazti
2012-01-01 00:19 . 2012-01-10 12:34 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-31 19:07 . 2012-01-10 12:34 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-31 19:07 . 2012-01-09 18:59 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-31 19:07 . 2011-12-31 19:07 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-12-31 14:50 . 2012-01-05 16:54 -------- d-----w- c:\documents and settings\PC\Application Data\DriverFinder
2011-12-31 13:41 . 2011-12-31 13:41 -------- d-----w- c:\documents and settings\PC\Application Data\Vimisoft Studio
2011-12-31 13:41 . 2010-04-05 12:31 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2011-12-31 13:41 . 2001-05-16 16:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-12-31 13:41 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2011-12-31 13:41 . 2009-06-17 08:55 73728 ----a-r- c:\windows\system32\exvmuvc.ax
2011-12-31 13:41 . 2009-03-03 10:55 450560 ----a-w- c:\windows\system32\newlistview2.dll
2011-12-31 13:41 . 2009-02-09 10:13 77824 ----a-w- c:\windows\system32\vgf.dll
2011-12-31 13:41 . 2011-12-31 13:41 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2011-12-31 13:41 . 2011-12-31 13:41 -------- d-----w- c:\program files\Vimicro Corporation
2011-12-31 13:33 . 2008-04-14 04:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-12-31 13:33 . 2008-04-14 04:42 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-12-31 13:33 . 2008-04-14 04:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-12-31 13:33 . 2008-04-14 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-12-31 13:33 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-12-31 13:33 . 2008-04-13 23:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-12-31 13:33 . 2008-04-13 23:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-12-31 13:33 . 2008-04-14 04:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-12-31 13:33 . 2008-04-14 04:42 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-12-29 19:06 . 2011-12-29 19:19 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\ArmA 2 Free
2011-12-29 12:10 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 14:54 . 2005-03-01 13:34 57344 ----a-w- c:\windows\system32\aticalrt.dll
2012-01-27 14:54 . 2005-03-01 13:34 53248 ----a-w- c:\windows\system32\aticalcl.dll
2012-01-27 14:54 . 2005-03-01 13:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-01-27 14:54 . 2005-03-01 13:34 3307776 ----a-w- c:\windows\system32\ativvaxx.dll
2012-01-27 14:54 . 2005-03-01 13:34 19357696 ----a-w- c:\windows\system32\atioglxx.dll
2012-01-27 14:54 . 2005-03-01 13:34 294912 ----a-w- c:\windows\system32\ATIODE.exe
2012-01-27 14:53 . 2005-03-01 13:34 108032 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-01-27 14:53 . 2005-03-01 13:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-01-27 14:52 . 2005-03-01 13:34 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2012-01-27 14:52 . 2005-03-01 13:34 7490560 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-01-27 14:52 . 2005-03-01 13:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-01-27 14:52 . 2005-03-01 13:34 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-01-27 14:51 . 2005-03-01 13:34 806912 ----a-w- c:\windows\system32\atikvmag.dll
2012-01-27 14:51 . 2005-03-01 13:34 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-01-27 14:51 . 2005-03-01 13:34 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-01-27 14:51 . 2005-03-01 13:34 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-01-27 14:51 . 2005-03-01 13:34 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-01-27 14:51 . 2005-03-01 13:34 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-01-27 14:51 . 2005-03-01 13:34 5334656 ----a-w- c:\windows\system32\ati3duag.dll
2012-01-27 14:51 . 2005-03-01 13:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-01-27 14:51 . 2011-09-11 09:56 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-01-27 14:51 . 2005-03-01 13:34 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2012-01-27 14:50 . 2005-03-01 13:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-01-27 14:50 . 2005-03-01 13:34 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2012-01-27 14:50 . 2005-03-01 13:34 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-01-27 14:50 . 2005-03-01 13:34 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-01-27 14:50 . 2005-03-01 13:34 7376896 ----a-w- c:\windows\system32\aticaldd.dll
2012-01-27 14:50 . 2005-03-01 13:34 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-01-27 14:50 . 2005-03-01 13:34 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2012-01-27 14:50 . 2005-03-01 13:34 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-01-27 14:50 . 2005-03-01 13:34 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2012-01-27 14:50 . 2005-03-01 13:34 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2012-01-10 12:34 . 2011-09-27 16:22 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-09 18:59 . 2011-09-27 16:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2011-12-23 21:34 . 2011-12-23 21:34 2332416 ----a-w- c:\windows\system32\TUKernel.exe
2011-12-03 15:54 . 2011-11-21 14:28 165232 ---ha-w- c:\documents and settings\PC\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-11-28 18:01 . 2005-03-01 12:34 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2005-03-01 12:34 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2005-03-01 12:34 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2005-03-01 12:34 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2005-03-01 12:34 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2005-03-01 12:34 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2005-03-01 12:34 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2005-03-01 12:34 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2005-03-01 12:34 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2005-03-01 12:34 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2008-04-14 04:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 00:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 04:42 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 04:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 04:42 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 22:28 . 2011-11-13 22:28 55664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-13 22:27 . 2011-12-05 18:36 783472 ----a-w- c:\windows\system32\vnetlib.dll
2011-11-13 22:27 . 2011-12-05 18:37 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-11-13 22:27 . 2011-12-05 18:36 433264 ----a-w- c:\windows\system32\vmnat.exe
2011-11-13 22:27 . 2011-11-13 22:27 23792 ----a-w- c:\windows\system32\drivers\vmparport.sys
2011-11-13 22:27 . 2011-12-05 18:36 25584 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-11-13 22:26 . 2011-11-13 22:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-11-13 22:26 . 2011-11-13 22:26 33776 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-11-13 22:26 . 2011-12-05 18:36 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-13 20:59 . 2011-11-13 20:59 252016 ----a-w- c:\windows\system32\vmnc.dll
2011-11-13 20:33 . 2011-11-13 20:33 49776 ----a-w- c:\windows\system32\vnetinst.dll
2011-11-13 20:33 . 2011-11-13 20:33 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-11-13 20:33 . 2011-11-13 20:33 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-11-12 19:14 . 2011-11-12 19:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-12 19:14 . 2011-11-12 19:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-11 20:18 . 2011-04-29 11:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 04:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 04:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-13 23:07 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 04:42 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 04:42 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 04:42 1288704 ----a-w- c:\windows\system32\ole32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViGlance"="c:\program files\ViGlance\ViGlance.exe" [2011-10-02 487424]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-20 641400]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 577536]
"Advanced SystemCare 5"="d:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Facebook Update"="c:\documents and settings\PC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-12-22 219456]
"(zabranjeno)ed Steam Service"="c:\program files\(zabranjeno)ed Steam\(zabranjeno)ed Steam.exe" [2011-09-16 337506]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 389120]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 229376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 172032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TransBar"="c:\documents and settings\All Users\CustoPackTools\Softwares\TransBar\TransBar.exe" [2005-06-01 135168]
"IMMON"="d:\program files\IM Magician\Vicamon.exe" [2009-05-07 143360]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 531528]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-01-26 497784]
.
c:\documents and settings\PC\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe [2010-6-22 577536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-7 183296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\System32\logonuicpt.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 12:39 126976 ----a-w- d:\program files\Vista Drive Icon\DrvIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2005-03-01 13:45 209904 ----atw- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Winzip Program"=winzip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Program Files\\Activision\\Call Of Duty 6 Modern Warfare 2 Online Test Working\\iw4mp.dat"=
"d:\\Program Files\\CS 1.6 v44 FULL p48\\games\\CS1.6v44\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\CS 1.6 Clean no lags\\hl.exe"=
"d:\\Program Files\\Activision\\Call Of Duty 6 Modern Warfare 2 Online Test Working\\iw4mp.exe"=
"d:\\Program Files\\BATTLEFIELD P4F\\BFP4f.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressDL.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Program Files\\IObit\\Advanced SystemCare 5\\Sus12_ProcessManager.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\CustoPackTools\\utils\\RocketDock\\RocketDock.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\ATI\\ATICustomerCare\\ATICustomerCare.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\Program Files\\(zabranjeno)ed Steam\\steam.exe"=
"c:\\Program Files\\(zabranjeno)ed Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\(zabranjeno)ed Steam\\steamapps\\scripterbacktrack946142\\garrysmod\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 saftgei;saftgei;c:\windows\System32\drivers\couijko.sys [x]
R0 SmartDefragDriver;SmartDefragDriver; [x]
R0 xiixfrxv;xiixfrxv;c:\windows\System32\drivers\wpotcae.sys [x]
R1 aswSnx;aswSnx; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;?????? Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 205808]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 205808]
R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE; [x]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
S0 a347scsi;a347scsi;c:\windows\System32\Drivers\a347scsi.sys [2004-04-30 5248]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
S1 aswSP;aswSP; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-19 232512]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
S2 aswFsBlk;aswFsBlk; [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2011-09-11 45312]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
S2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-08 22768]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-01-27 100368]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2006-03-24 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-09-11 57248]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2011-09-11 55936]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\ASC5_AutoClean.job
- d:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2011-11-23 09:58]
.
2012-01-27 c:\windows\Tasks\ASC5_AutoUpdate.job
- d:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-11-23 17:19]
.
2012-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-562591055-1801674531-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-12-22 19:03]
.
2012-01-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-562591055-1801674531-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-12-22 19:03]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 13:07]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 13:07]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-562591055-1801674531-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2005-03-01 13:45]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-562591055-1801674531-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2005-03-01 13:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &NeoTrace It! - d:\progra~2\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 192.168.152.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{3ba34663-845a-4931-a6f3-1e033ec342a7} - (no file)
Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-10 - (no file)
WebBrowser-{3BA34663-845A-4931-A6F3-1E033EC342A7} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
SafeBoot-IMFservice
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-01-27 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TransBar = "c:\documents and settings\All Users\CustoPackTools\Softwares\TransBar\TransBar.exe" /s?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-562591055-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9e,b6,f2,ad,70,ba,23,7d,01,86,66,89,fd,e9,4e,09,5e,c7,11,b6,db,
c8,61,92,89,eb,24,f3,6b,84,64,e8,e3,20,f0,d4,de,aa,e3,6d,8f,38,be,98,a0,c0,\
"rkeysecu"=hex:c8,98,f2,b7,5b,44,fb,b3,64,73,cb,65,24,f4,49,2b
.
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\S* Ë*å*M* *h*Ä*¢*k* *v*ë*r*s*i*Ø*ñ* *3*.*0* *b*y* *h*P*3*2*1*h*e*l*d*e*r*\DEBUG]
"Trace Level"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3048-)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\CustoPackTools\utils\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-01-27 18:34:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 17:34
.
Pre-Run: 4,307,304,448 bytes free
Post-Run: 4,614,574,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=NIPWER
.
- - End Of File - - A6E762FFD2B255510A9398555E0F9D10

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

This cannot be cleaned from a running Windows (i.e. it is not possible to successfully disinfect files infected by Sality).

Theoretically, there are two options.

1. Download a LiveCD with an AV scanner that is capable of disinfecting this.

But your Windows and programs are in such bad shape that it simply isn't worth it. You would have to reinstall everything that has already been deleted and do a repair of Windows, and what you get at the end would hardly work properly.

2. Back up everything that matters to you, format the partition Windows is on, install Windows fresh and then disinfect what you backed up.



I recommend option 2 because it will take less time and afterwards you will have a working Windows.


Question: do you have more than one partition on the hard disk, and which option are you going for (so I know what to point you to)?



NIx Car (AMF Tim)
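A way to re-run the helper's reading of the ComboFix log above mechanically. This is an added example, not part of the original thread or of ComboFix, and its input is a constructed excerpt copied from the log lines quoted in this thread. It flags what a responder looks at first in that log: the HKCU policy values that disable Task Manager and regedit, the Security Center notify/override values, the standard-profile firewall switched off, the Winlogon UIHost pointing at logonuicpt.exe instead of the stock logonui.exe (that default name is an assumption of this script, not something the log states), the AppInit_DLLs entry, and the two boot-start drivers (saftgei, xiixfrxv) whose file names do not match their service names and which ComboFix marks [x]. Random-name boot drivers plus disabled security tooling are consistent with the Sality diagnosis in the reply above, but the script only reports indicators; it does not name a family. It also handles the one trap in the firewall section: the 3389:TCP entry is present but carries the Disabled flag, so it must not be reported as an open RDP port.

```python
"""Re-triage a ComboFix log for the tampering indicators shown in this thread.

Added example, not part of the original post or of ComboFix.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\System32\logonuicpt.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 saftgei;saftgei;c:\windows\System32\drivers\couijko.sys [x]
R0 xiixfrxv;xiixfrxv;c:\windows\System32\drivers\wpotcae.sys [x]
R1 aswSnx;aswSnx; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service line: <start> <name>;<display name>;<path> [<date size> or x]
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?) \[(.*)\]$")

# Assumption (not stated in the log): the stock XP Winlogon UIHost is logonui.exe.
DEFAULT_UIHOST = r"\logonui.exe"


def reg_int(raw: str):
    """Turn ComboFix's DWORD rendering ('1 (0x1)' or 'dword:00000001') into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_log(text: str):
    """Group registry values under their lower-cased key; collect service lines."""
    keys: Dict[str, Dict[str, str]] = {}
    services: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, stamp = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "stamp": stamp})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip().strip('"')
    return keys, services


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings; checks match on key suffix so HKLM/HKCU both count."""
    keys, services = parse_log(text)
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        if key.endswith(r"\policies\system"):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if reg_int(values.get(name, "0")) == 1:
                    findings.append(("policy", f"{name}=1 under {key}"))
        elif key.endswith(r"\winlogon"):
            host = values.get("UIHost", "")
            if host and not host.lower().endswith(DEFAULT_UIHOST):
                findings.append(("winlogon", f"UIHost replaced: {host}"))
        elif key.endswith(r"\windows nt\currentversion\windows"):
            if values.get("AppInit_DLLs"):
                findings.append(("appinit", f"AppInit_DLLs={values['AppInit_DLLs']}"))
        elif key.endswith(r"\security center") or key.endswith(r"\security center\svc"):
            for name, raw in values.items():
                if name.endswith(("DisableNotify", "Override")) and reg_int(raw) == 1:
                    findings.append(("security-center", f"{name}=1"))
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            if reg_int(values.get("EnableFirewall", "1")) == 0:
                findings.append(("firewall", "EnableFirewall=0 (standard profile)"))
        elif key.endswith(r"\globallyopenports\list"):
            for name, raw in values.items():
                fields = raw.split(":")  # port:proto:scope:Enabled|Disabled:description
                if len(fields) >= 4 and fields[3].lower() == "enabled":
                    findings.append(("firewall", f"globally open port {name}"))
    # Boot-start drivers whose file name differs from the service name and whose
    # file ComboFix could not read ([x]): the pattern of the two R0 entries above.
    for svc in services:
        if svc["start"] in ("R0", "S0") and svc["path"] and svc["stamp"] == "x":
            base = svc["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if base.lower() != svc["name"].lower():
                findings.append(("boot-driver",
                                 f"{svc['name']} -> {svc['path']} (file missing/unreadable)"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

To run it over a complete ComboFix report, replace SAMPLE_LOG with the file contents; nothing in the checks depends on the excerpt's ordering, and the `[x]` driver heuristic deliberately ignores aswSnx (avast, start type R1, no path) and vmci (dated, readable file).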

  • Joined: 07 Nov 2011
  • Posts: 78

Posted: 28 Jan 2012 9:54

C:\
D:\

Update: 28 Jan 2012 9:56

I would gladly reinstall Windows but I don't know exactly how. I mean, I have the CD, I tried before:
I put the CD in at boot and then it opens everything nicely, and when I get to choosing repair or install I can't do anything.

Update: 28 Jan 2012 9:59

Can you tell me how to do that for Windows XP, exact instructions?

Update: 28 Jan 2012 10:08

Or should I download the Dr.Web rescue disk CD, boot it and delete [the infection], and then try to manually delete the programs myself and reinstall them? It may be harder but I'm patient.
"I have a Windows CD" but I don't know whether I need a serial and how to find it.
E.g. I format C:\ D:\
and then I get stuck because it asks me for a Windows serial; will I be able to install?
I'M AFRAID TO DO IT, THAT'S WHY
I don't have the serial.

Update: 28 Jan 2012 10:28

HELP MEEE

Update: 28 Jan 2012 10:52

Can I use the serial from my Windows? I found it in windows\system32\.....
I found the serial, but will it work with a different CD, or how do I find the serial?

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

As I wrote to you, if you go for the DrWeb variant the process will take a long time, and the outcome is uncertain.


Formatting is the faster and safer option compared to DrWeb.



We will not be having a discussion about the Windows serial, because that is against the forum rules.

  • Joined: 07 Nov 2011
  • Posts: 78

OK, just tell me how to format Windows: via the CD at boot, or do I select
C:\ in My Computer, right-click on it and format? That's all I want to know.

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Format it via the CD; it is impossible to format the system partition from a running Windows.
