
Hi guys!

I'm new here and I'd be very, very glad if you could help me. Well, every time I enter the browser thingy, "avast" always pops up a warning "superbackuptext.info , syncerjpi , unitiated.in" and more; it says it's a malware type, and that they blocked it.

Anyways, I really think that it's a T-rex type. It will just slow down my computer and destroy it, please help me... the malware anti-virus isn't doing anything, I scanned three times and it says I've got no virus, but...

It says this:

 

============== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Romanian (HKLM\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Catalyst Control Center (HKLM\...\{86EC42B5-346E-4BAB-948D-58E021EA4BD1}) (Version: 1.2.2044.226 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-026336C-ATI - )
ATI HYDRAVISION (HKLM\...\{083F79E4-6FE9-46FB-A6C6-4F8862742947}) (Version: 3.25.9006 - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco Aironet Installation Wizard (HKLM\...\CiscoInstallWizard) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{16906D21-0656-4F8B-9A01-C3D24B5401FC}) (Version: 7.10.0000 - Intel)
Malwarebytes Anti-Malware versiunea 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pachetul de interfaţă Windows pentru limba română (HKLM\...\{20C7B299-43C5-4A9C-84C7-4E29D1530B4D}) (Version: 3.0.2600.3 - Microsoft Corporation)
Prince of Persia Collection Limited Edition (HKLM\...\Prince of Persia Collection Limited Edition 1.0) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6201 - Realtek Semiconductor Corp.)
Sereby's Updatepack - IE8 Addon Version 1.0.7 (HKLM\...\IE8) (Version: Version 1.0.7 - Sereby)
Shark Tale (HKLM\...\InstallShield_{A2C21F60-523D-4FC7-90AF-AE2707E45AFE}) (Version: 1.00.0000 - Activision)
Shark Tale (Version: 1.00.0000 - Activision) Hidden
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tunngle version Tunngle (HKLM\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
uniseales (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Warcraft Gaming Network (HKLM\...\Warcraft Gaming Network_is1) (Version:  - WarcraftGaming)
Warcraft III (HKU\S-1-5-21-2000478354-152049171-1644491937-1003\...\Warcraft III) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.5512 - Microsoft Corporation)
WinRAR 5.20 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-01-2015 05:54:53 Punct de control sistem
20-01-2015 09:57:25 Punct de control sistem
21-01-2015 10:47:44 Punct de control sistem
22-01-2015 10:50:56 Punct de control sistem
24-01-2015 11:10:20 Punct de control sistem
26-01-2015 06:01:03 Punct de control sistem

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 03:00 - 2008-04-14 03:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-28 05:16 - 2015-01-28 05:16 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2009-11-05 04:53 - 2013-01-01 22:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 03:00 - 2008-04-14 03:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 03:00 - 2008-04-14 03:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2005-04-19 19:02 - 2005-04-19 19:02 - 00069632 _____ () C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
2014-11-15 11:01 - 2014-11-15 11:01 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-27 07:54 - 2015-01-27 07:54 - 03925104 _____ () C:\Documents and Settings\internet\Local Settings\Application Data\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk => C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

========================= Accounts: ==========================

Administrator (S-1-5-21-2000478354-152049171-1644491937-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2000478354-152049171-1644491937-1004 - Limited - Enabled)
Guest (S-1-5-21-2000478354-152049171-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2000478354-152049171-1644491937-1000 - Limited - Disabled)
internet (S-1-5-21-2000478354-152049171-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\internet
SUPPORT_388945a0 (S-1-5-21-2000478354-152049171-1644491937-1002 - Limited - Disabled)
Tati (S-1-5-21-2000478354-152049171-1644491937-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Tati
victor (S-1-5-21-2000478354-152049171-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\victor

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/28/2015 05:20:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the TeamViewer9 service.

Error: (01/28/2015 05:17:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (01/28/2015 05:17:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the TeamViewer9 service.

Error: (01/28/2015 05:16:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (01/28/2015 05:13:07 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (01/26/2015 11:06:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 9 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (01/26/2015 11:05:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (01/26/2015 11:05:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
 

At the "Addition folder", I read that tutorial and it says I should paste it here or attach it.

I also used CCleaner, I always use it and it's pretty good, but now none of these 3 will work in this situation, I need a helper! Please.

I'll provide any information you need.


Also this:

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Documents and Settings\internet\Local Settings\Application Data\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\S-1-5-19\...\RunOnce: [IE8] => rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
HKU\S-1-5-19\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-20\...\RunOnce: [IE8] => rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-2000478354-152049171-1644491937-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKU\S-1-5-21-2000478354-152049171-1644491937-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IE8] => rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2000478354-152049171-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2000478354-152049171-1644491937-1003] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2000478354-152049171-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2000478354-152049171-1644491937-1003 -> DefaultScope {4CC4914A-ACF2-4578-BF3C-E1E8EC6BFE9A} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2000478354-152049171-1644491937-1003 -> {4CC4914A-ACF2-4578-BF3C-E1E8EC6BFE9A} URL = https://www.google.com/search?q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\victor\Application Data\Mozilla\Firefox\Profiles\v9fikkiv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: unissales - C:\Documents and Settings\victor\Application Data\Mozilla\Firefox\Profiles\v9fikkiv.default\Extensions\x8th@S.net [2015-01-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-15]
StartMenuInternet: FIREFOX.EXE - C:\Documents and Settings\internet\Local Settings\Application Data\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-05] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-07-16] (Intel(R) Corporation) [File not signed]
S3 TunngleService; D:\LaPunct\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2014-11-14] () [File not signed]
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) [File not signed]
S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
U3 acgm2smt; C:\WINDOWS\system32\Drivers\acgm2smt.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
S3 RTCTest; \??\C:\PROGRAM FILES\MSI\DOCTOR Y2K\RTCTest.sys [X]
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
U1 WS2IFSL; No ImagePath

========================== Drivers MD5 =======================

Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Aside from that, you have pasted only snippets from the logfiles. I need them all.

Paste them without any code/quote tags.


EDIT: Well this is strange...

Listen, it's not done I think, I have 2 users:

Internet: A normal user without administrative privileges, the virus isn't acting in here, just like it never happened.

Victor: This is the user with administrative privileges, here it seems that the viruses have the most activity.

Is this really that trex virus?

I'll do what you said in your reply, Naathim.


I think I found out something new. I'm not an expert in IT, but it seems that every time I log on / run as / use the "power" of the administrator to do anything, from download to search or idk, it seems the virus is expanding each day... it's like gettin' bigger and bigger; firstly I had problems only on the administrator account, now it seems it expanded here too.

Is there anything I can do?


Sorry for double-posting, but I was really busy this week and wasn't able to do this:

 

Save the file to your desktop and include its content in your next reply.


Aside from that, you have pasted only snippets from the logfiles. I need them all.
Paste them without any code/quote tags.

Sorry naathim, could you wait until tomorrow? I have some unsettled things and many meditations and many others on the weekends; Monday I'll give you a full report and attachments with the files.

Thanks a lot for your understanding, and I know I'm replying a lil' too slow :)

Regards, banned


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
