Win32 Heur, provera

  • Joined: 14 Feb 2008
  • Posts: 12405

Hi Ambulanta :), the situation is as follows: I ran a win32/heur that AVG detected, but it was believed to be a false positive; it is in a DLL. If you are not swamped with work, I would ask you to do a small check for heur symptoms. Also, about a week ago I removed with Malwarebytes an infection in an MSN DLL file, which had something to do with smileys, even though I never downloaded any of those, and I could not fix that DLL by reinstalling, so I downloaded the DLL from the net and checked it; it was clean, although I am not entirely sure, but Norton on the other OS no longer reports me as infected. So, if you have time, one check for heur symptoms and simply a system check, because I often get some "false positive" infections. Also, I cannot install the latest Flash for some reason; I always get an error during installation, though I have not tried from safe mode.

I have MCShield, AVG 2012 Free and, until recently, OA, but I removed it because it did not meet my requirements (which are trivial, but still, a couple of little things bothered me).

I can also attach the "false positive" file; it is about 860 KB, via a special link if you request it.
There are already test results, since it is a popular file, so one of the online scanners says:
[Link visible only to logged-in users] that it is 100% a virus, with a detection rate of 9/32
Another online scanner also says:
[Link visible only to logged-in users]

Some AV programs detect it as trojan.gen, others as win32.heur.

Here is my VirusTotal scan as well, 18/43:
[Link visible only to logged-in users]

OS: Win 7 Ultimate
Internet: 4 Mb/s cable, K::CN
Browser: Chrome

Happy New Year and Merry Christmas, and sorry for the bother. Cheers

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Srki94 at 15:33:41 on 2011-12-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3067.1027 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Predator2\PredatorACE.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\sppsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\srpskey.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Multimedia Keyboard Driver\M-KbdDrv.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Srki94\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
F:\xampp\mysql\bin\mysqld.exe
F:\xampp\FileZillaFTP\FileZillaServer.exe
F:\xampp\xampp-control.exe
F:\xampp\apache\bin\httpd.exe
F:\xampp\apache\bin\httpd.exe
C:\Users\Srki94\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uSearch Bar = Preserve
uInternet Settings,ProxyServer = http=127.0.0.1:8888; https=127.0.0.1:8888
mSearchAssistant = [Link visible only to logged-in users]{searchTerms}&f=4
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: CBZurlmon Object: {311ba51f-64f2-439d-9a4a-772373d77312} - c:\program files\bufferzone\BZbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\users\srki94\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [Secure Folder] "c:\program files\secure folder\SecureFolder.exe" /AUTO
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [srpskey] c:\windows\system32\SRPSKEY.EXE
mRun: [AdobeAAMUpdater-1.0] -"c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Acrobat Assistant 7.0] "d:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [MutlimediaKbdDriver] c:\program files\multimedia keyboard driver\M-KbdDrv.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\srki94\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\srki94\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\srki94\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link visible only to logged-in users]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Link visible only to logged-in users]
TCP: DhcpNameServer = 178.79.22.6 178.79.0.3
TCP: Interfaces\{00AB3EFB-E7FB-473F-B225-DF68A459C164} : DhcpNameServer = 178.79.22.6 178.79.0.3
TCP: Interfaces\{6A022846-D308-4849-8137-C63FAA3F7B9B} : DhcpNameServer = 178.79.22.6 178.79.0.3
TCP: Interfaces\{80AE467F-3339-4B92-BA17-23F9EFDC8987} : DhcpNameServer = 10.96.72.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: CThemeResourceChangerObject Class: {f791a188-699d-4fd4-955a-eb59e89b1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [2010-11-29 378144]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iz3d driver\win32\S3DInjectionDriver.sys [2011-9-12 34968]
R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2010-4-22 22632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-8 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-2 2255464]
R2 PredatorACE;Predator ACE;c:\program files\predator2\PredatorACE.exe [2010-3-15 88064]
R2 S3DSvc32;S3D Service (Win32);c:\program files\iz3d driver\win32\S3DCService.exe [2011-9-12 360960]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-11-28 4096]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem;c:\windows\system32\drivers\KuirKbdFltr.sys [2010-4-8 21792]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem;c:\windows\system32\drivers\KuirMouFltr.sys [2010-4-8 38176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-8 22216]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-6-17 139368]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2008-6-4 143467]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-30 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-20 100736]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-8-21 4639136]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-12-16 38976]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2011-11-14 93464]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-11-6 12984]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-10-3 82736]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-9-22 252928]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-9-22 398720]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2011-12-27 14:32:36 -------- d-----w- c:\users\srki94\appdata\local\{0EFFB472-8243-4E75-8A69-AEC535845CE2}
2011-12-27 14:31:47 -------- d-----w- c:\users\srki94\appdata\local\{16EDAF5B-E250-4EA3-8DF4-B6E77E28413C}
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-12-27 03:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-12-27 02:31:32 -------- d-----w- c:\users\srki94\appdata\local\{89271ECE-8B36-4AFE-ADFF-19209401F5AA}
2011-12-26 14:30:25 -------- d-----w- c:\users\srki94\appdata\local\{14A1F15A-A4CA-4BE0-AC63-9D37F3748A38}
2011-12-26 14:29:35 -------- d-----w- c:\users\srki94\appdata\local\{524FC52E-EC3F-4EB7-81A2-1FB6F569629D}
2011-12-26 02:29:04 -------- d-----w- c:\users\srki94\appdata\local\{28DEF4D5-2494-4318-9F76-3FE16DBBB180}
2011-12-26 02:28:17 -------- d-----w- c:\users\srki94\appdata\local\{D8F1B044-79F1-4342-A844-1D641556D2CD}
2011-12-25 14:27:41 -------- d-----w- c:\users\srki94\appdata\local\{C4EC8043-EF64-4CD2-A978-6CC7104403D2}
2011-12-25 02:26:33 -------- d-----w- c:\users\srki94\appdata\local\{8C5AB7F1-84C4-45CB-8475-DCEF276D873B}
2011-12-25 02:25:44 -------- d-----w- c:\users\srki94\appdata\local\{94A1CE03-0445-4F8F-A934-F512AD719BE2}
2011-12-24 19:23:08 -------- d-----w- C:\Program Files (x86)
2011-12-24 13:50:02 -------- d-----w- c:\users\srki94\appdata\local\{7A4C9A7F-193F-498E-8973-943CB40EA408}
2011-12-24 01:48:53 -------- d-----w- c:\users\srki94\appdata\local\{30FBEF30-9B10-4E63-A7ED-37B636AFFBBA}
2011-12-24 01:48:03 -------- d-----w- c:\users\srki94\appdata\local\{FA42E4A0-2F31-4B93-A0D3-703C4820F3F4}
2011-12-23 13:47:30 -------- d-----w- c:\users\srki94\appdata\local\{5B39ED6A-3352-4367-9A69-31E2E134292C}
2011-12-23 01:46:26 -------- d-----w- c:\users\srki94\appdata\local\{291F33B7-2E9E-4D3F-90BA-5778AAB915F1}
2011-12-22 13:45:20 -------- d-----w- c:\users\srki94\appdata\local\{D5AB4034-7297-41AE-9495-9D334541E2DB}
2011-12-22 13:44:44 -------- d-----w- c:\users\srki94\appdata\local\{2AB54C7F-F142-4553-A122-44F25655E3C8}
2011-12-22 00:39:52 -------- d-----w- c:\users\srki94\appdata\local\{3CE9C5AF-E490-4025-9EDB-E8E944AC0974}
2011-12-21 12:38:56 -------- d-----w- c:\users\srki94\appdata\local\{45895000-4806-4D5D-89FC-6BD839EDC161}
2011-12-21 00:38:00 -------- d-----w- c:\users\srki94\appdata\local\{0BC162EC-2805-4E35-AB09-405D884147C2}
2011-12-20 16:52:33 -------- d-----w- c:\users\srki94\appdata\local\ElevatedDiagnostics
2011-12-20 14:08:48 -------- d-----w- c:\users\srki94\appdata\roaming\Windows Live Writer
2011-12-20 14:08:48 -------- d-----w- c:\users\srki94\appdata\local\Windows Live Writer
2011-12-20 12:36:57 -------- d-----w- c:\users\srki94\appdata\local\{E1A63262-DB9A-4961-96DD-00061511806A}
2011-12-20 12:36:19 -------- d-----w- c:\users\srki94\appdata\local\{2DA7E845-5959-45EE-A425-FFEB85F486D4}
2011-12-20 02:56:07 -------- d-----w- c:\users\srki94\appdata\local\{3E579399-6B2F-4B81-AAA5-78FF8725AC8F}
2011-12-19 14:54:41 -------- d-----w- c:\users\srki94\appdata\local\{62EB9942-F98C-48A2-91CA-DFC50CB1A12F}
2011-12-19 14:54:05 -------- d-----w- c:\users\srki94\appdata\local\{74EC516B-5E50-4336-8D66-A14829F76A01}
2011-12-19 14:37:17 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-12-19 14:17:39 -------- d-----w- c:\program files\Microsoft
2011-12-19 14:14:16 7450888 ----a-w- c:\program files\common files\windows live\.cache\74a9764f1ccbe5804\bingbarsetup.exe
2011-12-19 14:13:11 15712 ----a-w- c:\program files\common files\windows live\.cache\567e8c1a1ccbe5803\MeshBetaRemover.exe
2011-12-19 07:04:00 -------- d-----w- c:\users\srki94\appdata\local\{0A15AB5B-20DF-4E2D-9FC4-926C8D18B9DB}
2011-12-18 21:16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-18 19:03:10 -------- d-----w- c:\users\srki94\appdata\local\{3509CE3D-3BD5-4120-9C9C-6964E812FCF8}
2011-12-18 19:02:35 -------- d-----w- c:\users\srki94\appdata\local\{984C2CC7-D029-453B-AD17-FF89FB4FF546}
2011-12-18 06:21:22 -------- d-----w- c:\users\srki94\appdata\local\{C8AB9941-14A8-4771-B4B6-3270730FFA20}
2011-12-18 06:20:46 -------- d-----w- c:\users\srki94\appdata\local\{B94F1CC5-463B-48A5-B103-F1678F430F5F}
2011-12-17 18:20:30 -------- d-----w- c:\users\srki94\appdata\local\{86F5F74E-9309-4BB9-9242-EA0E41212CFF}
2011-12-17 18:19:54 -------- d-----w- c:\users\srki94\appdata\local\{0FA20823-F008-4003-9CEE-E00CB39B847C}
2011-12-17 06:19:39 -------- d-----w- c:\users\srki94\appdata\local\{25B307BC-FB46-4857-9B52-CA5B0843926B}
2011-12-17 06:19:02 -------- d-----w- c:\users\srki94\appdata\local\{8141D6E2-A802-4DFB-8554-540E98389B95}
2011-12-16 18:18:44 -------- d-----w- c:\users\srki94\appdata\local\{C713B545-DB70-4D76-92AF-EE50B4ED6488}
2011-12-16 18:18:06 -------- d-----w- c:\users\srki94\appdata\local\{5FDB2375-0BB0-4DF7-908B-5E43B8ACDCC1}
2011-12-16 06:17:43 -------- d-----w- c:\users\srki94\appdata\local\{11A62770-6A8B-4599-8C93-B9CA7499E877}
2011-12-16 06:16:57 -------- d-----w- c:\users\srki94\appdata\local\{AC4C582A-AB10-45C2-8FBC-5AE78F3939A1}
2011-12-15 18:16:37 -------- d-----w- c:\users\srki94\appdata\local\{B27847A7-4DDA-4FFE-8988-8518F8A93DDA}
2011-12-15 18:15:59 -------- d-----w- c:\users\srki94\appdata\local\{D16E18D2-92C4-48B6-B462-2DAC13DFF29F}
2011-12-15 06:15:29 -------- d-----w- c:\users\srki94\appdata\local\{FF37DDE6-2FEC-4D84-BC85-AD0D443A9D54}
2011-12-15 06:14:47 -------- d-----w- c:\users\srki94\appdata\local\{142F37C0-19BA-4569-95DF-09926899D0DD}
2011-12-14 18:05:31 -------- d-----w- c:\users\srki94\appdata\local\{A230E1AC-C13B-488D-B949-129412097E3D}
2011-12-14 18:04:54 -------- d-----w- c:\users\srki94\appdata\local\{8B9ADDEE-E9B5-406D-A8A0-13990CD071C0}
2011-12-14 12:14:13 -------- d-sh--w- C:\found.000
2011-12-14 06:04:15 -------- d-----w- c:\users\srki94\appdata\local\{0CD4A3D4-36B9-4E69-AE3F-4912199A193E}
2011-12-14 06:03:24 -------- d-----w- c:\users\srki94\appdata\local\{3E84DD48-1B05-45C5-990F-DA609CE61DE7}
2011-12-13 18:02:40 -------- d-----w- c:\users\srki94\appdata\local\{F80D057A-3AA5-4853-855F-51653036D613}
2011-12-13 06:01:32 -------- d-----w- c:\users\srki94\appdata\local\{B1FE7EFB-CF95-417E-9DD2-6DEFC052BD4B}
2011-12-13 01:18:50 -------- d-----w- c:\program files\VentSrv
2011-12-12 18:00:25 -------- d-----w- c:\users\srki94\appdata\local\{B3F0B374-B77F-485F-9EF8-E06CA52DFC5C}
2011-12-12 05:59:21 -------- d-----w- c:\users\srki94\appdata\local\{888F3943-E0A1-4C85-A10F-369A0BCE8661}
2011-12-11 17:58:17 -------- d-----w- c:\users\srki94\appdata\local\{A89797B8-1225-4635-9745-665205959E23}
2011-12-11 05:57:07 -------- d-----w- c:\users\srki94\appdata\local\{0A98E2EC-9235-4349-AB3E-44970C999AE4}
2011-12-10 17:55:56 -------- d-----w- c:\users\srki94\appdata\local\{CCDF6D6D-6680-40B8-812A-6FCE4B1B6EF6}
2011-12-10 05:54:45 -------- d-----w- c:\users\srki94\appdata\local\{12C8261E-13F4-4895-903E-3CEF38987A88}
2011-12-10 04:15:25 -------- d-----w- c:\program files\MSECache
2011-12-09 21:28:45 -------- d-----w- c:\users\srki94\appdata\local\Deployment
2011-12-09 17:53:33 -------- d-----w- c:\users\srki94\appdata\local\{5D0BE88B-E5E3-45AD-990F-4DAFF6E158A0}
2011-12-09 17:52:44 -------- d-----w- c:\users\srki94\appdata\local\{BB11DF57-6B6C-4ACF-A8B5-11AF49DDEB47}
2011-12-09 03:52:32 -------- d-----w- c:\users\srki94\appdata\local\{C0025450-1969-4FCD-80A6-C0370E342F07}
2011-12-08 15:51:27 -------- d-----w- c:\users\srki94\appdata\local\{E477F199-9885-4FAE-9C53-5819CE2A2E47}
2011-12-08 15:50:41 -------- d-----w- c:\users\srki94\appdata\local\{AEAF0FEF-6A51-43D5-974E-CA44AEABAAC2}
2011-12-08 03:50:09 -------- d-----w- c:\users\srki94\appdata\local\{24C3DF15-6435-4F86-AEEA-4C163284817E}
2011-12-08 03:49:18 -------- d-----w- c:\users\srki94\appdata\local\{BFE312A9-7C07-46BA-A7E1-0A9549778F3E}
2011-12-07 15:48:44 -------- d-----w- c:\users\srki94\appdata\local\{623D855D-A63D-4A4D-B0E6-DAF7E87238FD}
2011-12-07 03:47:47 -------- d-----w- c:\users\srki94\appdata\local\{C9589C9D-DFF8-405E-8108-F8A013450946}
2011-12-07 03:47:07 -------- d-----w- c:\users\srki94\appdata\local\{5C572F1E-2EDE-4E44-B878-8DAFD9DDA6C2}
2011-12-06 15:46:34 -------- d-----w- c:\users\srki94\appdata\local\{65AA7F47-014E-4C60-A2E5-0C5E63B11516}
2011-12-06 15:45:58 -------- d-----w- c:\users\srki94\appdata\local\{86C13A16-AD19-4DD3-ACAF-7551BA5F615E}
2011-12-05 17:40:07 -------- d-----w- c:\users\srki94\appdata\local\{E10AD691-E3B5-4080-AE81-913EC5682A73}
2011-12-05 17:39:28 -------- d-----w- c:\users\srki94\appdata\local\{C160E81C-1173-47FA-AC30-3069BE179510}
2011-12-05 05:24:45 -------- d-----w- c:\users\srki94\appdata\local\{D6988C25-B262-458A-AFA4-FA324B907DFA}
2011-12-05 05:24:09 -------- d-----w- c:\users\srki94\appdata\local\{08C4D44F-997D-4265-8B98-CCACD0701F93}
2011-12-04 17:23:15 -------- d-----w- c:\users\srki94\appdata\local\{AE50C45F-52BF-4C56-B7B3-2110A053D903}
2011-12-04 05:21:48 -------- d-----w- c:\users\srki94\appdata\local\{D5EC0735-72AF-42E5-A52E-2652BB88AA0B}
2011-12-04 05:20:51 -------- d-----w- c:\users\srki94\appdata\local\{E1B840E2-D46F-4F90-8B47-31AEF6721A66}
2011-12-02 19:35:26 -------- d-----w- c:\users\srki94\appdata\local\{BC35E0EF-F464-4474-A3A7-801E9C024661}
2011-12-01 13:32:53 -------- d-----w- c:\users\srki94\appdata\local\{2897F0AC-C30E-4BD1-8B15-FC1457158ECB}
2011-12-01 13:32:17 -------- d-----w- c:\users\srki94\appdata\local\{0A5E216E-13F9-4EFD-8589-9D2847FE7B29}
2011-11-30 02:45:14 -------- d-----w- c:\users\srki94\appdata\local\{E52454D6-11AD-4801-A8D6-CA74F6469D8C}
2011-11-30 02:44:18 -------- d-----w- c:\users\srki94\appdata\local\{BB319889-7F70-43C0-8E9B-DE33BBB4B6C2}
2011-11-29 12:45:43 -------- d-----w- c:\users\srki94\appdata\local\{62AB691D-DA20-4EBD-82B5-F32BF5A530FC}
2011-11-29 12:45:00 -------- d-----w- c:\users\srki94\appdata\local\{C9DD69C3-1B13-4C24-9F7B-B4B54DE5135E}
2011-11-29 03:32:51 -------- d-----w- c:\users\srki94\appdata\roaming\To the Moon - Freebird Games
2011-11-27 23:42:05 -------- d-----w- c:\users\srki94\appdata\local\realtech_VR
2011-11-27 23:34:38 -------- d-----w- c:\programdata\realtech VR
2011-11-27 23:33:56 -------- d-----w- c:\program files\realtech VR
.
==================== Find3M ====================
.
2011-12-26 02:19:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-06 02:10:42 36864 ----a-w- c:\windows\system32\srpskey.exe
2011-11-14 08:26:54 93464 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2011-11-13 18:30:07 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-09 20:55:51 73 ----a-w- c:\windows\system32\ssprs.dll
2011-10-09 20:55:51 205 ----a-w- c:\windows\system32\lsprst7.dll
2011-10-07 05:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-04 01:18:12 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-10-04 01:18:12 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-10-04 01:18:12 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-10-03 14:49:32 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-03 14:49:32 82736 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-10-03 14:49:32 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-10-03 14:49:32 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 14:49:32 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 14:49:32 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:20:25 2339840 ----a-w- c:\windows\system32\win32k.sys
2011-09-28 21:54:48 947472 ----a-w- c:\windows\system32\msjava.dll
.
============= FINISH: 153548.54 ===============

DDS Attachment

[Link visible only to logged-in users]

Now, Gmer scanned for 5 hours and got stuck on one file during the first scan:


It has been sitting like that for 30 minutes already and I haven't been able to do anything; it simply doesn't continue. It isn't using the CPU at 100%, but the laptop lags, and so does the sound. I saved the log as far as it got and attached it as Gmer1.log. RootRepeal doesn't work at all; I get the following error:



I stopped the Gmer scan after that bug and continued according to the instructions, so the Gmer1 log is not complete because I wasn't able to run the scan to the end.

Gmer 1
[Link visible only to logged-in users]

Gmer 2
[Link visible only to logged-in users]

Gmer 3
[Link visible only to logged-in users]

P.S. I have no idea where that Facemoods link above comes from; maybe I had that junk earlier, but I cleaned it out. I don't use IE, Mozilla or Maxthon, so I really have no idea where it's from. Also, during the MWBytes scan I found no Facemoods remnants apart from that link that popped up now Confused
I just checked: it's not the IE home page, Xfire is, so I really have no idea where that link above comes from; it isn't the default start page in any browser. The only idea that comes to mind is that someone in the family installed it afterwards, since they sometimes use the laptop.



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello,

There are no traces of active malware on your system, and you don't need to send us the suspect file.



offline
  • Joined: 14 Feb 2008
  • Posts: 12405

Thanks for the quick reply, happy New Year holidays to the AMF folks Smile Thank you! Ziveli
