Help: exe not valid win32


Noway

Hello, please, I need help.

 

After I ran the antivirus, it deleted some files that were injected. Now every .exe in system32 is not a valid Win32 application. I have done all the steps mentioned and hope I can get help. Some of the required scans couldn't be done, like the DDS scan; the reason is that cscript.exe / findstr.exe / sort.exe is not a valid Win32 application. I can't even run sfc.exe for the same reason. msconfig.exe and cmd were infected too. It is the win32.virut.CF, win32.sality.AE and SONAR.heuristic.110 virus, and it was cleaned by Norton.

Couldn't run Security Check:

sc.exe / netsh.exe / WMIC.exe is not a valid Win32 application

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/17/2013 10:24:16 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\rundll32.exe (PID: 2320) [WD-HEUR]
 * C:\Windows\system32\AUDIODG.EXE (PID: 3260) [WD-HEUR]
 
2 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\Windows\System32\spoolsv.exe
 * C:\Windows\Explorer.EXE
 * C:\Windows\system32\conhost.exe
 * C:\Windows\system32\conhost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * WMPNetworkSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\conhost.exe : 299,008 : 10/10/2013 08:36 AM : e8e613eab80fa5fd470c991ff95be8d0 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_7663313c605bdebe\conhost.exe : 299,008 : 10/10/2013 09:27 AM : 046a25f38e1597faa0cc8e89f1a8b7a2 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17641_none_763fc2806076e3b3\conhost.exe : 299,008 : 10/10/2013 09:27 AM : 310f9e430ec45eed3e7682fc2ae5e726 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_764b9868606dd88e\conhost.exe : 299,008 : 10/10/2013 09:27 AM : 9f45cbc77f14107ad3fa6e77c94dee57 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17965_none_762e298260837866\conhost.exe : 299,008 : 10/10/2013 09:27 AM : 5d8e60ae46b9ec4b0f1612c37b748156 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18015_none_76641140605b1ff3\conhost.exe : 299,008 : 10/10/2013 09:27 AM : 9a27b2dbf93e3f23df5a7b8e642c92c5 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_765d4648605f9b8e\conhost.exe : 299,008 : 10/10/2013 08:36 AM : e8e613eab80fa5fd470c991ff95be8d0 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21756_none_76c390d179981e21\conhost.exe : 299,008 : 11/13/2011 05:46 PM : f8bca1b240c189dba1d318327d61a5b5 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_76932b9d79bd3cc2\conhost.exe : 299,008 : 10/10/2013 09:27 AM : d122aed585d159498bb8050c9b22864a [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22125_none_76e2de1f7980dbae\conhost.exe : 299,008 : 10/10/2013 09:33 AM : 87cb4a868dd765c674a6c6f18159bc3e [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_76aecf1779a79a11\conhost.exe : 299,008 : 10/10/2013 09:33 AM : db9c34bf71123cf62473ff3de052f75c [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22411_none_76e9b295797c51d6\conhost.exe : 299,008 : 08/02/2013 07:01 AM : 100ca4855cad2e86fb916b0005b9bd53 [Pos Repl]
 
 * C:\Windows\System32\ctfmon.exe : 36,352 : 10/10/2013 09:20 AM : 10ced38f8fc8ff53519dd655145c1a79 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe : 36,352 : 10/10/2013 09:20 AM : 10ced38f8fc8ff53519dd655145c1a79 [Pos Repl]
 
 * C:\Windows\System32\dllhost.exe : 34,816 : 10/10/2013 08:41 AM : 5b98d225a23a479e0224de33bf9275ee [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe : 34,816 : 10/10/2013 08:41 AM : 5b98d225a23a479e0224de33bf9275ee [Pos Repl]
 
 * C:\Windows\System32\spoolsv.exe : 345,088 : 10/10/2013 08:36 AM : 886561cec8730478cb54417047a131cd [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe : 345,088 : 11/20/2010 11:29 PM : d25cb3fdff9306a8715afd6e9f94711c [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe : 345,088 : 10/10/2013 08:36 AM : 886561cec8730478cb54417047a131cd [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe : 345,600 : 10/10/2013 09:33 AM : a52f6270253f473fd10c85e42e8bdc71 [Pos Repl]
 
 * C:\Windows\System32\userinit.exe : 54,272 : 10/10/2013 08:45 AM : 9fa92407317b6468a29353e4873d7ec4 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe : 54,272 : 10/10/2013 08:45 AM : 9fa92407317b6468a29353e4873d7ec4 [Pos Repl]
 
 * C:\Windows\System32\wbem\wmiprvse.exe : 285,184 : 10/10/2013 08:37 AM : bfab276188c7ef2cf4eb991e787f2fd4 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_126a2876e9a722d2\WmiPrvSE.exe : 285,184 : 10/10/2013 08:37 AM : bfab276188c7ef2cf4eb991e787f2fd4 [Pos Repl]
 
 * C:\Windows\explorer.exe : 2,643,968 : 10/10/2013 08:37 AM : a32d4a4c06908bdf639946dc8dad3308 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe : 2,643,968 : 11/20/2010 11:29 PM : 530f5b245776aeb3db9a69cb3fcb6313 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe : 2,643,968 : 10/10/2013 08:37 AM : a32d4a4c06908bdf639946dc8dad3308 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe : 2,643,968 : 10/10/2013 09:28 AM : b500167cba94f0c226511203381da671 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com
 
Program finished at: 10/17/2013 10:25:05 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
 
 
 
-------------------------------------------------
 
 
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-17 22:55:33
-----------------------------
22:55:33.231    OS Version: Windows 6.1.7601 Service Pack 1
22:55:33.231    Number of processors: 2 586 0x170A
22:55:33.232    ComputerName: BODY-PC  UserName: 
22:55:34.173    Initialize success
22:56:05.379    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
22:56:05.388    Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3
22:56:05.472    Disk 0 MBR read successfully
22:56:05.475    Disk 0 MBR scan
22:56:05.477    Disk 0 Windows 7 default MBR code
22:56:05.480    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:56:05.487    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        49899 MB offset 206848
22:56:05.504    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       200000 MB offset 102400000
22:56:05.521    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       226939 MB offset 512000000
22:56:05.526    Disk 0 scanning sectors +976771072
22:56:05.590    Disk 0 scanning C:\Windows\system32\drivers
22:56:09.520    Service scanning
22:56:18.571    Modules scanning
22:56:22.330    Disk 0 trace - called modules:
22:56:22.346    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
22:56:22.353    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86208920]
22:56:22.362    3 CLASSPNP.SYS[8ca7959e] -> nt!IofCallDriver -> [0x85cfd918]
22:56:22.368    5 ACPI.sys[8c23d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8613d030]
22:56:22.375    Scan finished successfully
22:56:30.823    Disk 0 MBR has been saved successfully to "C:\Users\2B COMPUTER\Desktop\MBR.dat"
22:56:30.828    The log file has been saved successfully to "C:\Users\2B COMPUTER\Desktop\aswMBR.txt"
 

 
