Problem with TR/ATRAPS.Gen2 & TR/Sirefef.16896


  • Joined: 18 Oct 2012
  • Posts: 57

I'm using Windows 7 Ultimate 64-bit. Every 5 minutes or so Avira Free tells me I have these two viruses, TR/ATRAPS.Gen2 & TR/Sirefef.16896, but when I send them to quarantine and delete them they show up again. I also tried rename and delete with Avira, but nothing helps, they keep coming back. For now the computer works normally, so to speak, but yesterday I couldn't get online at all. It all started, I think, two evenings ago while I was watching a film: ZoneAlarm asked whether to let through two objects marked with a question mark, I ticked both and clicked Deny, but the next day I couldn't connect to the internet, so today I lowered ZoneAlarm from High to Medium and got connected, but the whole time Avira Realtime Protection keeps popping up these two viruses that I just can't delete. I'm on SBB 6 Mb/s internet over wireless. Besides Avira I also tried TDSSKiller and Panda Cloud Cleaner, but they found nothing.

OTL logfile created on: 18-Oct-12 14:30:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gile\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.82% Memory free
9.99 Gb Paging File | 8.15 Gb Available in Paging File | 81.53% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73.08 Gb Total Space | 40.50 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
Drive D: | 392.58 Gb Total Space | 205.67 Gb Free Space | 52.39% Space Free | Partition Type: NTFS

Computer Name: GILE-PC | User Name: Gile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-18 14:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
PRC - [2012-10-08 22:20:56 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012-09-07 16:35:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2012-09-07 16:35:37 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
PRC - [2012-08-08 17:23:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-05-08 23:45:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-08 23:45:42 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012-05-08 23:45:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-11-16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010-11-16 18:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010-04-01 19:00:16 | 000,603,472 | ---- | M] (ACD Systems International Inc.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-08 22:20:56 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012-09-07 16:35:37 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\mozjs.dll
MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-08 22:20:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-07 16:35:37 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-08 23:45:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-08 23:45:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-11-16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-05-08 23:45:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012-05-08 23:45:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012-03-29 17:40:46 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-02-15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012-02-15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-02-15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-12-05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-05-15 17:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009-10-05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F B1 20 0D 1C AD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2012-09-07 16:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2012-09-07 16:35:35 | 000,000,000 | ---D | M]

[2011-02-23 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Extensions
[2012-09-12 01:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions
[2012-03-05 00:57:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-01-26 02:22:43 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\DivXWebPlayer@divx.com.xpi
[2012-09-12 01:06:58 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\testpilot@labs.mozilla.com.xpi
[2011-03-17 23:26:29 | 000,002,059 | ---- | M] () -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\searchplugins\daemon-search.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKCU..\Run: [MaxDownloadMgr] "C:\Users\Gile\AppData\Local\Temp\StpACA5_TMP.EXE" File not found
O4 - HKCU..\Run: [MediaGet2] C:\Users\Gile\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} appldnld.apple.com.edgesuite.net/content.in.....plugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.40 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85DCBA9C-C131-4544-A764-D68EC2A77363}: DhcpNameServer = 89.216.1.40 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0CE508E-0E8F-426C-BE02-7FB9839A1B03}: DhcpNameServer = 89.216.1.40 89.216.1.50
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-18 14:29:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
[2012-10-18 14:13:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-18 14:08:35 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Gile\Desktop\BlitzBlank.exe
[2012-10-18 13:48:05 | 004,984,103 | R--- | C] (Swearware) -- C:\Users\Gile\Desktop\ComboFix.exe
[2012-10-18 13:47:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-10-18 13:47:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-10-18 13:47:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-10-18 13:47:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-18 13:47:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-18 13:47:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-10-18 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Local\Max Secure Software
[2012-10-18 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Roaming\GetRightToGo
[2012-10-18 12:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012-10-18 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012-10-12 17:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gile\Documents\Sony Ericsson
[2012-10-12 17:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2012-10-12 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012-10-12 16:47:38 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_wh.sys
[2012-10-12 16:47:38 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_cm.sys
[2012-10-12 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012-10-12 16:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012-10-09 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Roaming\Samsung
[2012-10-09 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Gile\Documents\My Art
[2012-10-09 16:39:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2012-10-08 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Local\Macromedia
[2012-10-07 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-18 14:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
[2012-10-18 14:07:55 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Gile\Desktop\BlitzBlank.exe
[2012-10-18 13:53:59 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-18 13:53:59 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-18 13:52:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-10-18 13:52:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-10-18 13:52:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-10-18 13:46:30 | 004,984,103 | R--- | M] (Swearware) -- C:\Users\Gile\Desktop\ComboFix.exe
[2012-10-18 13:45:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-18 12:38:22 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012-10-18 11:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-18 11:58:04 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-17 16:39:43 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2012-10-15 17:19:04 | 000,096,768 | ---- | M] () -- C:\Users\Gile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-12 17:05:00 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012-10-08 22:20:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-08 22:20:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-09-27 14:34:35 | 000,073,946 | ---- | M] () -- C:\Users\Gile\Desktop\Clip_4.jpg
[2012-09-27 14:34:11 | 000,113,077 | ---- | M] () -- C:\Users\Gile\Desktop\Clip_2.jpg
[2012-09-27 14:33:41 | 000,083,039 | ---- | M] () -- C:\Users\Gile\Desktop\Clip.jpg
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-18 13:47:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-10-18 13:47:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-10-18 13:47:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-10-18 13:47:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-10-18 13:47:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-10-18 12:38:22 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012-10-17 16:39:43 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2012-10-09 16:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012-10-09 16:38:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012-09-27 14:30:43 | 000,073,946 | ---- | C] () -- C:\Users\Gile\Desktop\Clip_4.jpg
[2012-09-27 14:26:35 | 000,113,077 | ---- | C] () -- C:\Users\Gile\Desktop\Clip_2.jpg
[2012-09-27 14:26:15 | 000,083,039 | ---- | C] () -- C:\Users\Gile\Desktop\Clip.jpg
[2012-06-20 14:56:09 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-02-14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-01-31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-28 17:16:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012-01-13 15:59:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-02-24 18:21:24 | 000,096,768 | ---- | C] () -- C:\Users\Gile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-24 16:39:28 | 000,000,079 | ---- | C] () -- C:\Users\Gile\AppData\Local\CrystalDiskMark30.ini
[2011-02-24 07:12:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-02-23 23:30:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
[2012-08-01 17:56:23 | 000,002,048 | -HS- | M] () -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\@
[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\U
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012-10-18 11:58:22 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012-10-18 11:58:22 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >
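The log above already contains the signs the helper acts on later in the thread: hidden+system `L`, `U` and `@` entries under a GUID-named directory in C:\Windows\Installer and in AppData\Local, oversized hidden Desktop.ini files in the GAC_32/GAC_64 assembly folders, a copy of mswsock.dll with no company name loaded through a \\.\globalroot path, and Winsock catalog (O10) entries whose provider DLL reads "File not found", which fits the lost connectivity described in the post. The Python script below is an added example, not part of the thread or of OTL: it parses those OTL line formats from a constructed sample built out of lines copied from the log, flags the indicators, and lists the paths a matching OTL `:files` fix would contain. The indicator names and the Desktop.ini size threshold are my own assumptions.

```python
"""Triage an OTL log for ZeroAccess (Sirefef) indicators and a broken Winsock catalog.

Added example, not part of the original thread or of OTL. It parses the line
formats OTL emits; SAMPLE_LOG is constructed from lines copied out of the log
posted above. Indicator names and the Desktop.ini size threshold are my own choices.
"""
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the OTL log in the thread.
SAMPLE_LOG = r"""
MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
[2012-10-18 14:29:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
[2012-08-01 17:56:23 | 000,002,048 | -HS- | M] () -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\@
[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
[2010-10-27 07:16:01 | 000,000,000 | -HSD | M] -- C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\U
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012-10-18 11:58:22 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012-10-18 11:58:22 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
""".strip("\n")

# OTL file/folder entry: [timestamp | size | attrs | M/C] (company)? -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)
# Loaded-module entry from the "Modules (No Company Name)" section
MOD_LINE = re.compile(r"^MOD - \[[^\]]+\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# O10 Winsock layered-service-provider catalog entries
O10_LINE = re.compile(r"^O10(?::64bit:)? - (?P<entry>Protocol_Catalog9\\\S+) - (?P<rest>.+)$")
# ZeroAccess drop point: a {GUID} directory holding an '@' file and 'L' / 'U' folders
ZA_DIR = re.compile(r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\([@LU])$", re.I)
ZA_PARENT = re.compile(r"\\(Windows\\Installer|AppData\\Local)\\", re.I)
# Desktop.ini in the .NET GAC_32 / GAC_64 folders: a known ZeroAccess drop point,
# which is why the fix later in the thread deletes exactly these two files
GAC_INI = re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I)
MAX_REAL_DESKTOP_INI = 1024  # assumption: a genuine shell Desktop.ini is a few hundred bytes


class Finding(NamedTuple):
    kind: str
    path: str
    note: str


def triage(log_text: str) -> List[Finding]:
    """Return the ZeroAccess and Winsock indicators found in an OTL log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            size = int(m["size"].replace(",", ""))
            hidden_system = "H" in attrs and "S" in attrs
            za = ZA_DIR.search(path)
            if za and hidden_system and ZA_PARENT.search(path):
                findings.append(Finding("zeroaccess_dir", path,
                                        f"hidden+system '{za.group(2)}' under GUID dir {za.group(1)}"))
            elif GAC_INI.search(path) and hidden_system and size >= MAX_REAL_DESKTOP_INI:
                findings.append(Finding("zeroaccess_gac_ini", path,
                                        f"{size} bytes, far larger than a shell Desktop.ini"))
            continue
        m = MOD_LINE.match(line)
        if m and not m["company"] and m["path"].lower().endswith("mswsock.dll"):
            findings.append(Finding("winsock_module_no_company", m["path"],
                                    "mswsock.dll without version info; the genuine one names Microsoft"))
            continue
        m = O10_LINE.match(line)
        if m and m["rest"].endswith("File not found"):
            # A catalog entry pointing at a missing provider DLL breaks the Winsock chain
            findings.append(Finding("broken_winsock_catalog", m["entry"], m["rest"]))
    return findings


def otl_fix_paths(findings: List[Finding]) -> List[str]:
    """Paths for an OTL ':files' block, in the style of the fix later in the thread:
    each GUID directory followed by its children, then the GAC Desktop.ini files."""
    paths: List[str] = []
    for f in findings:
        if f.kind == "zeroaccess_dir":
            parent = f.path.rsplit("\\", 1)[0]
            if parent not in paths:
                paths.append(parent)
            paths.append(f.path)
        elif f.kind == "zeroaccess_gac_ini":
            paths.append(f.path)
    return paths


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:28} {f.path}  ({f.note})")
    print("\n:files")
    print("\n".join(otl_fix_paths(found)))
```

Run against a full OTL log (`triage(open("OTL.Txt").read())`) the same parser walks every section, because the file-entry format is shared by the "Files/Folders", "Files Created" and "ZeroAccess Check" sections. The O10 check is deliberately broader than ZeroAccess: any catalog entry whose DLL is missing will break name resolution and sockets, which is the practical reason the fix script resets the IP stack after the deletions.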

  • magna86 (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

@Manojlo

Welcome to the MyCity forum Clinic.
----------------------------

While we work on your case, I'd ask you to keep to the following:
Read my instructions (or those of the colleagues standing in for me) carefully and work only according to them;
Don't ask for help elsewhere at the same time;
Don't use any other malware-removal programs except those you are given instructions for;
Don't use USB storage devices during the intervention until I ask you to;
If I don't reply within 48 hours, bump the thread with a new post;

For more information on the rules of the MyCity forum Clinic: LINK

-------------------------------------------------------------------------------------

I can see from the logs that you ran ComboFix. Check whether you have the ComboFix log:
C:\ComboFix.txt

If it's there, attach it to your post.

  • Joined: 18 Oct 2012
  • Posts: 57

Posted: 18 Oct 2012 15:39

Yes, I ran it by mistake. I thought it needed to be installed, so I double-clicked it and it started running; I closed it straight away, but I don't have ComboFix.txt in

Update: 18 Oct 2012 15:41

Yes, I ran it by mistake. I thought it needed to be installed, so I double-clicked it and it started running; I closed it straight away, but I don't have ComboFix.txt in C:\

  • magna86 (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK. Follow these steps:

Delete the current copy of ComboFix. We'll use a new, fresh copy.
C:\Users\Gile\Desktop\ComboFix.exe

Step #1

Run OTL again by double-clicking its icon;

Copy the following text into the white box labelled Custom Scans/Fixes:


:files
C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}
C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}
C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\@
C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L
C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]



Click the Run Fix button;
Note: the computer will restart

Paste the log you get into your post here.



**********************************



Step #2



Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console isn't installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
when finished, open Notepad with the scan report.


Paste the report ComboFix produced into the forum thread:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.



Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report isn't complete, use the Attach file option to attach C:\ComboFix.txt to your post;
Don't click inside the ComboFix window while it's running, as that can slow the tool down;
Don't run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after the restart you get an error when starting certain programs saying they're marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix the problem.
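As an added example (not the forum's, OTL's or ComboFix's own code), the Python below checks a directory listing for the on-disk layout that the OTL fix in Step #1 targets: a GUID-named directory under Windows\Installer or the user's AppData\Local holding entries named @, U and L, plus a Desktop.ini planted directly in the GAC_32/GAC_64 assembly folders, and renders matches as an OTL :files block. The GUID and paths are the ones from the fix above; the sample listing, the benign entries and the regular expressions are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# A GUID-named directory such as {f4788b42-496a-dc46-0196-9468ffe7ff13}.
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# The two parent locations the OTL fix above targets: the Windows Installer
# cache and the user's local AppData. "child" is the single entry directly
# below the GUID directory, if the path goes that deep.
GUID_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\(?:windows\\installer|users\\[^\\]+\\appdata\\local)\\"
    + GUID
    + r")(?:\\(?P<child>[^\\]+))?$",
    re.IGNORECASE,
)

# Desktop.ini placed directly in the .NET Global Assembly Cache folders.
GAC_INI_RE = re.compile(
    r"^[a-z]:\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$", re.IGNORECASE
)

# Entry names that make the GUID directory suspicious. A legitimate Windows
# Installer cache directory holds .msi/.msp packages and icons, not these.
MARKER_NAMES = {"@", "U", "L"}


@dataclass
class Findings:
    guid_dirs: dict = field(default_factory=dict)  # root dir -> marker names seen
    gac_inis: list = field(default_factory=list)   # Desktop.ini paths in GAC_32/GAC_64

    def is_suspicious(self) -> bool:
        return bool(self.guid_dirs) or bool(self.gac_inis)


def normalise(path: str) -> str:
    """Use backslashes only and drop a trailing separator; case is left to the regexes."""
    return path.replace("/", "\\").rstrip("\\")


def scan_listing(paths) -> Findings:
    """Classify a listing of absolute Windows paths against the layout above."""
    markers = defaultdict(set)
    gac = []
    for raw in paths:
        path = normalise(raw)
        if GAC_INI_RE.match(path):
            gac.append(path)
            continue
        m = GUID_DIR_RE.match(path)
        if m and m.group("child") and m.group("child").upper() in MARKER_NAMES:
            markers[m.group("root")].add(m.group("child").upper())
    # A GUID directory is reported only if at least one marker entry was seen in it.
    return Findings(guid_dirs=dict(markers), gac_inis=sorted(gac))


def otl_files_block(findings: Findings) -> str:
    """Render findings as an OTL ':files' section in the form the helper used."""
    lines = [":files"]
    for root in sorted(findings.guid_dirs):
        lines.append(root)
        lines.extend(f"{root}\\{name}" for name in sorted(findings.guid_dirs[root]))
    lines.extend(findings.gac_inis)
    return "\n".join(lines)


# Constructed listing: the entries from the fix above plus benign ones that
# must not be flagged. On a real host you would walk the two parent
# directories with os.walk() and pass the resulting paths instead.
SAMPLE_LISTING = [
    r"C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}",
    r"C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L",
    r"C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\@",
    r"C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\U",
    r"C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}\L",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\product.msi",
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\icon.exe",
    r"C:\Windows\assembly\GAC_32\System\2.0.0.0__b77a5c561934e089\System.dll",
]

if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    print("suspicious:", result.is_suspicious())
    print(otl_files_block(result))
```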

offline
  • Joined: 18 Oct 2012
  • Posts: 57

Posted: 18 Oct 2012 16:18

Here's the ComboFix text, I went step by step as you told me, but it didn't ask me to update or about the Recovery Console.

ComboFix 12-10-18.03 - Gile 18-Oct-12 16:08:09.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2843 [GMT 2:00]
Running from: c:\users\Gile\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerInstaller.exe
D:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 14:10 . 2012-10-18 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 13:50 . 2012-10-18 13:50 -------- d-----w- C:\_OTL
2012-10-18 11:44 . 2012-10-18 11:44 -------- d-----w- c:\users\Gile\AppData\Local\Max Secure Software
2012-10-18 11:10 . 2012-10-18 11:45 -------- d-----w- c:\users\Gile\AppData\Roaming\GetRightToGo
2012-10-18 10:38 . 2012-10-18 10:38 -------- d-----w- c:\program files (x86)\Panda Security
2012-10-12 15:29 . 2012-10-12 15:29 -------- d-----w- c:\programdata\BVRP Software
2012-10-12 15:08 . 2012-10-12 15:08 -------- d-----w- c:\programdata\Installations
2012-10-12 14:47 . 2010-12-21 05:55 15872 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2012-10-12 14:47 . 2010-12-21 05:55 15360 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2012-10-12 14:47 . 2012-10-12 14:47 -------- d-----w- c:\program files\SAMSUNG
2012-10-12 14:47 . 2012-10-12 14:47 -------- d-----w- c:\programdata\Samsung
2012-10-09 14:40 . 2012-10-12 14:50 -------- d-----w- c:\users\Gile\AppData\Roaming\Samsung
2012-10-09 14:39 . 2003-02-21 16:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-10-09 14:39 . 2012-10-09 14:39 -------- d-----w- c:\windows\SysWow64\Samsung_USB_Drivers
2012-10-09 14:38 . 2006-07-24 14:05 5632 ----a-w- c:\windows\SysWow64\drivers\StarOpen.sys
2012-10-08 20:33 . 2012-10-08 20:33 -------- d-----w- c:\users\Gile\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:20 . 2012-04-06 16:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:20 . 2012-02-16 14:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"MediaGet2"="c:\users\Gile\AppData\Local\MediaGet2\mediaget.exe" [2011-11-03 8281600]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-29 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-23 11775592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Gile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
FF - ProfilePath - c:\users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*x*e*b\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*øjZh%Xê™ÒZˆ%Ø%èôH*
zP\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*o*r*n*o*c*h*
zP\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*r*e*s*t*SzP\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1181290801-2996569609-2719667674-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-1181290801-2996569609-2719667674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 2012-10-18 16:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-18 14:14
.
Pre-Run: 43,556,667,392 bytes free
Post-Run: 43,226,095,616 bytes free
.
- - End Of File - - 14CBD4AFD1306C85A67842F85EFED672

Update: 18 Oct 2012 16:23

And here is the Custom Scans/Fixes log too, if I understood correctly that that is what you asked for with OTL.

Update: 18 Oct 2012 16:25

Fresh OTL scan

OTL logfile created on: 18-Oct-12 16:20:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gile\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.87% Memory free
9.99 Gb Paging File | 8.51 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73.08 Gb Total Space | 40.33 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
Drive D: | 392.58 Gb Total Space | 205.67 Gb Free Space | 52.39% Space Free | Partition Type: NTFS

Computer Name: GILE-PC | User Name: Gile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-18 14:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
PRC - [2012-09-07 16:35:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2012-08-08 17:23:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-05-08 23:45:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-08 23:45:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-11-03 19:11:03 | 008,281,600 | ---- | M] (MediaGet LLC) -- C:\Users\Gile\AppData\Local\MediaGet2\mediaget.exe
PRC - [2010-11-16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010-11-16 18:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010-04-01 19:00:16 | 000,603,472 | ---- | M] (ACD Systems International Inc.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-07 16:35:37 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\mozjs.dll
MOD - [2011-11-03 19:11:03 | 002,263,552 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2011-11-03 19:11:03 | 000,101,376 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\libvlc.dll
MOD - [2011-11-03 19:11:01 | 008,223,744 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2011-11-03 19:11:01 | 002,293,760 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2011-11-03 19:11:01 | 000,975,360 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2011-11-03 19:11:01 | 000,339,968 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2011-11-03 19:11:01 | 000,220,672 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2011-11-03 19:11:01 | 000,196,608 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2011-11-03 19:11:01 | 000,026,624 | ---- | M] () -- C:\Users\Gile\AppData\Local\MediaGet2\imageformats\qgif4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-08 22:20:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-07 16:35:37 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-08 23:45:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-08 23:45:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-11-16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-05-08 23:45:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012-05-08 23:45:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012-03-29 17:40:46 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-02-15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012-02-15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-02-15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-12-05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-05-15 17:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009-10-05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F B1 20 0D 1C AD CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2012-09-07 16:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2012-09-07 16:35:35 | 000,000,000 | ---D | M]

[2011-02-23 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Extensions
[2012-09-12 01:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions
[2012-03-05 00:57:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-01-26 02:22:43 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\DivXWebPlayer@divx.com.xpi
[2012-09-12 01:06:58 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\extensions\testpilot@labs.mozilla.com.xpi
[2011-03-17 23:26:29 | 000,002,059 | ---- | M] () -- C:\Users\Gile\AppData\Roaming\Mozilla\Firefox\Profiles\y6bqs35s.default\searchplugins\daemon-search.xml

O1 HOSTS File: ([2012-10-18 16:11:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKCU..\Run: [MediaGet2] C:\Users\Gile\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} appldnld.apple.com.edgesuite.net/content.in.....plugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.40 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85DCBA9C-C131-4544-A764-D68EC2A77363}: DhcpNameServer = 89.216.1.40 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0CE508E-0E8F-426C-BE02-7FB9839A1B03}: DhcpNameServer = 89.216.1.40 89.216.1.50
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-18 16:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012-10-18 16:11:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-18 16:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-10-18 15:50:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-10-18 15:49:00 | 004,984,103 | R--- | C] (Swearware) -- C:\Users\Gile\Desktop\ComboFix.exe
[2012-10-18 14:29:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
[2012-10-18 14:08:35 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Gile\Desktop\BlitzBlank.exe
[2012-10-18 13:47:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-10-18 13:47:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-10-18 13:47:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-10-18 13:47:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-18 13:47:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-18 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Local\Max Secure Software
[2012-10-18 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Roaming\GetRightToGo
[2012-10-18 12:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012-10-18 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012-10-12 17:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gile\Documents\Sony Ericsson
[2012-10-12 17:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2012-10-12 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012-10-12 16:47:38 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_wh.sys
[2012-10-12 16:47:38 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_cm.sys
[2012-10-12 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012-10-12 16:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012-10-09 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Roaming\Samsung
[2012-10-09 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Gile\Documents\My Art
[2012-10-09 16:39:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2012-10-08 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\Gile\AppData\Local\Macromedia
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-18 16:19:50 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-18 16:19:50 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-18 16:16:42 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-10-18 16:16:42 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-10-18 16:16:42 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-10-18 16:11:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-10-18 16:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-18 16:11:37 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-18 15:52:16 | 004,984,103 | R--- | M] (Swearware) -- C:\Users\Gile\Desktop\ComboFix.exe
[2012-10-18 15:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-18 14:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gile\Desktop\OTL.exe
[2012-10-18 14:07:55 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Gile\Desktop\BlitzBlank.exe
[2012-10-18 12:38:22 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012-10-17 16:39:43 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2012-10-15 17:19:04 | 000,096,768 | ---- | M] () -- C:\Users\Gile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-12 17:05:00 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012-10-08 22:20:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-08 22:20:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-09-27 14:34:35 | 000,073,946 | ---- | M] () -- C:\Users\Gile\Desktop\Clip_4.jpg
[2012-09-27 14:34:11 | 000,113,077 | ---- | M] () -- C:\Users\Gile\Desktop\Clip_2.jpg
[2012-09-27 14:33:41 | 000,083,039 | ---- | M] () -- C:\Users\Gile\Desktop\Clip.jpg
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-18 13:47:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-10-18 13:47:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-10-18 13:47:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-10-18 13:47:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-10-18 13:47:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-10-18 12:38:22 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012-10-17 16:39:43 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2012-10-09 16:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012-10-09 16:38:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012-09-27 14:30:43 | 000,073,946 | ---- | C] () -- C:\Users\Gile\Desktop\Clip_4.jpg
[2012-09-27 14:26:35 | 000,113,077 | ---- | C] () -- C:\Users\Gile\Desktop\Clip_2.jpg
[2012-09-27 14:26:15 | 000,083,039 | ---- | C] () -- C:\Users\Gile\Desktop\Clip.jpg
[2012-06-20 14:56:09 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-02-14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-01-31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-28 17:16:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012-01-13 15:59:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-02-24 18:21:24 | 000,096,768 | ---- | C] () -- C:\Users\Gile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-24 16:39:28 | 000,000,079 | ---- | C] () -- C:\Users\Gile\AppData\Local\CrystalDiskMark30.ini
[2011-02-24 07:12:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-02-23 23:30:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Manojlo, you've mixed up the logs on me a bit.

Let's move on to additional checks:

Step #1

Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definition download to finish.

Make sure that under AV Scan: the QuickScan option is selected.

Click Scan.

When the scan finishes (Scan finished successfully), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.

************************************************

Step #2

Run the OTL program again by double-clicking its icon;

Click the button

Into the white box of the window labelled Custom Scans/Fixes, copy the following text:

C:\*.*
/md5start
services.exe
/md5stop
dir /s /a "C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}" /c
dir /s /a "C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}" /c
%systemroot%\assembly\GAC_32\*.ini /S /MD5
%systemroot%\assembly\GAC_64\*.ini /S /MD5



Click the RunScan button;

Copy the log you get here in a reply.

  • Joined: 18 Oct 2012
  • Posts: 57

For now I have no more problems, nothing pops up any more and I'm working normally on the net, but this one asks me to download Avast, and ZA flags something with a question mark and mentions a rootkit, so it looked suspicious. If you think I definitely need to download it and run the scan, then OK; if not, maybe I can get by without it.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

I know, we're almost done; do these two steps just so you can sleep easy.
ZoneAlarm is warning you about a possibly suspicious program, but aswMBR is just an anti-rootkit tool (signed by Avast). I assure you that all the links and tools I give you are correct, legitimate, and previously tested and verified.

  • Joined: 18 Oct 2012
  • Posts: 57

OK, I did it, but before I post, let me ask whether you recommend replacing Avira with some other free antivirus, and can you tell me how to protect myself from peer-to-peer pests like these new ZeroAccess viruses, how do I protect torrents?

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 22:50:20
-----------------------------
22:50:20.131 OS Version: Windows x64 6.1.7600
22:50:20.132 Number of processors: 2 586 0x170A
22:50:20.132 ComputerName: GILE-PC UserName: Gile
22:50:20.704 Initialize success
22:52:02.217 AVAST engine defs: 12101801
22:52:10.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
22:52:10.024 Disk 0 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 3
22:52:10.038 Disk 0 MBR read successfully
22:52:10.040 Disk 0 MBR scan
22:52:10.045 Disk 0 Windows 7 default MBR code
22:52:10.056 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:52:10.067 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 74835 MB offset 206848
22:52:10.072 Disk 0 Partition - 00 05 Extended 402001 MB offset 153468945
22:52:10.087 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 402001 MB offset 153469008
22:52:10.108 Disk 0 scanning C:\Windows\system32\drivers
22:52:18.135 Service scanning
22:52:31.035 Modules scanning
22:52:31.043 Disk 0 trace - called modules:
22:52:31.056 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:52:31.061 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c152e0]
22:52:31.066 3 CLASSPNP.SYS[fffff8800186943f] -> nt!IofCallDriver -> [0xfffffa8004ae1520]
22:52:31.070 5 ACPI.sys[fffff88000fa1781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa8004ad0060]
22:52:31.799 AVAST engine scan C:\Windows
22:52:33.651 AVAST engine scan C:\Windows\system32
22:55:03.747 AVAST engine scan C:\Windows\system32\drivers
22:55:11.366 AVAST engine scan C:\Users\Gile
22:56:47.074 AVAST engine scan C:\ProgramData
22:57:42.530 Scan finished successfully
22:58:32.502 Disk 0 MBR has been saved successfully to "C:\Users\Gile\Desktop\MBR.dat"
22:58:32.506 The log file has been saved successfully to "C:\Users\Gile\Desktop\aswMBR.txt"

And the Step #2 OTL log:

OTL logfile created on: 18-Oct-12 22:59:19 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gile\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

4.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 58.24% Memory free
9.99 Gb Paging File | 8.02 Gb Available in Paging File | 80.24% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73.08 Gb Total Space | 39.14 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive D: | 392.58 Gb Total Space | 203.69 Gb Free Space | 51.89% Space Free | Partition Type: NTFS

Computer Name: GILE-PC | User Name: Gile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< C:\*.* >
[2012-10-17 16:39:43 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2012-10-09 16:44:10 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2012-10-18 16:14:49 | 000,030,068 | ---- | M] () -- C:\ComboFix.txt
[2012-10-18 21:18:57 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-18 21:19:00 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys
[2012-10-18 12:45:16 | 000,241,934 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_18.10.2012_12.43.54_log.txt

< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< dir /s /a "C:\Windows\Installer\{f4788b42-496a-dc46-0196-9468ffe7ff13}" /c >
Volume in drive C has no label.
Volume Serial Number is DC74-AC26

< dir /s /a "C:\Users\Gile\AppData\Local\{f4788b42-496a-dc46-0196-9468ffe7ff13}" /c >
Volume in drive C has no label.
Volume Serial Number is DC74-AC26

< %systemroot%\assembly\GAC_32\*.ini /S /MD5 >

< %systemroot%\assembly\GAC_64\*.ini /S /MD5 >

< End of report >
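The "< MD5 for: SERVICES.EXE >" block above lists every copy of services.exe with its hash so that the live SysNative copy can be compared against the component-store (winsxs) and erdnt cache copies. As an added example that is not part of this post or of OTL, the following Python parses such a report and flags any copy whose hash differs from the winsxs reference; the SVCHOST.EXE block, its paths and its hashes are constructed to show what a mismatch looks like.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in OTL's "< MD5 for: NAME >" custom-scan format. The
# SERVICES.EXE block copies the clean result shown on this page; the
# SVCHOST.EXE block, its paths and its hashes are constructed to show a mismatch.
SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2012-10-16 09:12:00 | 000,027,136 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:37 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\winsxs\amd64_constructed_example\svchost.exe
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_report(text):
    """Group OTL MD5 entries by the file name given in the '< MD5 for: ... >' header."""
    groups, current = defaultdict(list), None
    for line in text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            current = h.group("name").upper()
            continue
        e = ENTRY.match(line.strip())
        if e and current:
            groups[current].append({"path": e["path"], "md5": e["md5"].upper(),
                                    "company": e["company"], "size": e["size"]})
    return groups


def find_mismatches(groups):
    """Return (name, path, md5) for copies whose hash differs from the winsxs
    component-store copy (or, without one, from the majority hash).
    An empty list means every copy of every file is consistent."""
    bad = []
    for name, copies in groups.items():
        ref = next((c["md5"] for c in copies if "\\winsxs\\" in c["path"].lower()), None)
        if ref is None:
            ref = Counter(c["md5"] for c in copies).most_common(1)[0][0]
        bad += [(name, c["path"], c["md5"]) for c in copies if c["md5"] != ref]
    return bad
```

Run against the sample, the SERVICES.EXE block comes back consistent (as on this page) while the constructed SVCHOST.EXE live copy is reported because it differs from its winsxs reference.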

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

All right, that's it. The logs are clean and there are no signs of active malware. This is a clean system now.

- Let's remove the tools we used.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

-----------------------------------------------------------

Run OTL again and click the CleanUp! button.

Note: OTL will ask for a system restart. After the restart, all the tools and logs that were used should be removed. If anything is left over, feel free to delete it manually.

***********************************************

A few more pieces of advice I would recommend ...

Your system is not up to date. I recommend installing Service Pack 1, which will improve the security and stability of the operating system. You need to click the following link:
http://download.microsoft.com/download/0/A/F/0AFB5.....32-X64.exe
... and download this file. Once downloaded, run it with a double-click and follow the further on-screen instructions.

I recommend using the MCShield program to protect USB memory devices.

You can download the program from THIS link. After installing the program, plug in your USB memory devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notification about removed malware.

Also, visit this topic to check whether your browser is vulnerable and install updated components:
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html

That's it. Cheers
