offline
- Ivan Djokic
- Novi MyCity građanin
- Pridružio: 23 Sep 2012
- Poruke: 1
|
Pozdrav svima
Otvorio sam ovakvu temu na forumu Sveta kompjutera gde su me posavetovali da probam sa vama da resim problem koji imam sa virusom na racunaru.
Naime kad sam postavio temu na forumu Sk. dobio sam savet da probam da resim problem sa portabl verzijom SuperAntiSpyware ili Malwarebytes-om medjutim to nije pomoglo.
Od zastite koristim Kaspersky Internet Security 2010.Kad racunar podigne sistem pojavi se alarm od strane kasperskog da postoji Trojanac:
object:
C:\$Recycle.Bin\s-1-5-18\$be2fbc2d692df...\80000000.@
Trojan program:
Backdoor.win64.ZAccess.bt
Kaspersky trazi da ocisti taj virus i ukoliko to uradim on ga obrise,u toku skeniranja i brisanja tog virusa racunar pre restarta prijavi sledece:
NET-BroadcastEventWindow.2.0.0.0.33c0d9d.o:MOM.exe-Bad Image
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\culture.dll is
either not designed to run on Windows or it contains an error.Try
installing the program again using the original insallation media itd.
Zatim jos jedno upozorenje:
reader_sl.exe-Bad Image
C:\Windows\system32\ole32.dl is either not designed to run
on Windows or it contains an error. u nastavku isti text kao u pasusu gore napisanom.
E onda se restartuje racunar i pri podizanju sistema pojavi se sledeci prozorcic:
Windows-Bad Image
Exeption processing Message 0xc000007b Parameters
0x000007FEFCF4718C 0X000007FEFCF4718C 0X000007FEFCF4718C
0X000007FEFCF4718C 0X000007FEFCF4718C
Onda podigne sistem i Kasperski ponovo prijavi isti problem i tako u nedogled
E sad ja sam skenirao ceo sistem,kao je Kasperki sve sredio ali nije. Ako ignorisem prijavu Alarma od strane Kasperskog taj prozorcic se ne zatvara tako stoji sve vreme i na svakih 5 min. pojavljuje se sledeci prozorcic:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE (PID:480):
Accesing the files C:\... \U\80000000.@ containing
Trojan program Backdoor.Win64.ZAccess.bt.
A zatim kao Kasperski je sam pokrenuo akciju i obrisao virus:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE (PID:480):
Accesing the files C:\... \U\80000000.@ containing
Trojan program Backdoor.Win64.ZAccess.bt.Deleted and
backup is created.
I tako u nedogled...
Cak ako ne koristim racunar a on neode u sleep mode ukljuci se neka muzika koju ja nisam pustio,nikakav program nije aktiviran a muzikic svira i nemogu da je ugasim sem da restartujem racunar.
Palo mi je napamet da reinstaliram sistem ali bih voleo da bez toga probam da sa vasom pomoci resim ovaj problem,naravno ako moze.
Pozdrav i hvala unapred
mycity.rs/must-login.png
OTL logfile created on: 2012-09-23 16:41:56 - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Ivke\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,39% Memory free
7,99 Gb Paging File | 5,52 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 16,68 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive D: | 48,82 Gb Total Space | 26,51 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive E: | 48,82 Gb Total Space | 36,73 Gb Free Space | 75,23% Space Free | Partition Type: NTFS
Drive F: | 152,51 Gb Total Space | 80,54 Gb Free Space | 52,81% Space Free | Partition Type: NTFS
Drive H: | 29,29 Gb Total Space | 20,54 Gb Free Space | 70,13% Space Free | Partition Type: NTFS
Computer Name: IVKE-PC | User Name: Ivke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (SafeList) ==========
PRC - [2012-09-23 16:33:04 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Ivke\Downloads\OTL.exe
PRC - [2012-09-18 08:38:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-09-04 09:21:11 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011-04-08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011-02-21 22:24:37 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009-03-30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009-02-23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012-09-18 08:38:54 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-09-04 09:21:10 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-10-14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009-07-30 15:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009-03-30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009-02-06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
========== Services (SafeList) ==========
SRV:64bit: - [2012-08-21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2011-03-09 23:00:40 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011-03-09 16:50:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-10-07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-09-21 09:48:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-18 08:38:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-02-21 22:24:37 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011-02-21 22:06:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-02-21 22:06:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012-07-30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012-04-25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-07 20:04:24 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 17:33:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-03-09 16:15:18 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-03-02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011-02-26 15:41:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-02-21 22:17:45 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-04-27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010-04-27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010-04-27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010-04-27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010-04-27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010-03-17 12:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010-03-02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-11-03 17:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009-10-29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009-10-19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009-10-14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009-10-07 10:49:26 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009-10-07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-10-07 10:45:36 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009-10-07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-10-02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009-09-01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009-08-13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009-07-31 05:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009-07-16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = login.yahoo.com/config/login?.src=fpctx&am.....oo.com%2F/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C C3 B8 8B 04 D2 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5172CA98-5601-4A3E-824F-22D143BE0D02}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5172CA98-5601-4A3E-824F-22D143BE0D02}: "URL" = google.com/search?hl=sv&q={searchTerms}&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=16t48f0frg39a"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFC2&ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-18 08:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-22 09:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-02-21 22:17:50 | 000,000,000 | ---D | M]
[2011-03-18 15:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivke\AppData\Roaming\Mozilla\Extensions
[2012-09-20 10:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\extensions
[2011-06-14 18:19:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-09-19 09:04:08 | 000,000,949 | ---- | M] () -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\searchplugins\conduit.xml
[2012-05-31 04:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-08-25 09:55:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-03-18 20:21:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012-09-18 08:38:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-03-07 13:28:56 | 000,244,544 | ---- | M] (SecMaker AB) -- C:\Program Files (x86)\mozilla firefox\plugins\npiidplg.dll
[2011-07-11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012-09-18 08:38:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-09-18 08:38:53 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Open With JPEGCompress - C:\Program Files (x86)\JPEGCompress\owjc.dll (Dreamscape Software)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open With JPEGCompress - C:\Program Files (x86)\JPEGCompress\owjc.dll (Dreamscape Software)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94F1F7A-5F62-42DD-A72A-1DC5A223D488}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-23 21:40:59 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 60 Days ==========
[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-09-22 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-09-22 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Roaming\SUPERAntiSpyware.com
[2012-09-22 14:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-09-22 13:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-09-22 13:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012-09-22 13:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012-09-22 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012-09-22 09:50:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012-09-22 09:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012-09-22 09:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-09-20 08:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2012-09-19 09:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-09-19 09:01:30 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Local\Conduit
[2012-09-03 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2012-08-25 18:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012-08-16 09:39:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012-08-16 09:39:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012-08-16 09:39:54 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012-08-16 09:39:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012-08-16 09:39:53 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-16 09:39:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-16 09:39:53 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-08-16 09:39:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-16 09:39:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012-08-16 09:39:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012-08-16 09:39:48 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-08-16 09:39:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-16 09:39:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-16 09:39:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-16 09:39:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-16 09:39:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-16 09:39:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-16 09:39:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-12 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2012-08-12 16:26:47 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012-07-30 13:32:08 | 000,102,240 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2012-09-23 16:32:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-23 16:31:02 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-23 16:24:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-23 16:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-23 16:24:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012-09-22 15:19:09 | 000,002,261 | ---- | M] () -- C:\Users\Ivke\Desktop\SpyHunter.lnk
[2012-09-22 15:14:14 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 15:14:14 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 15:13:52 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-22 15:13:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-22 15:13:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-22 15:06:56 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-22 12:27:36 | 000,001,399 | ---- | M] () -- C:\Users\Ivke\Desktop\iTunes - Shortcut.lnk
[2012-09-22 09:26:49 | 002,738,974 | ---- | M] () -- C:\Users\Ivke\Desktop\20120922_092649.jpg
[2012-09-22 09:26:44 | 004,635,263 | ---- | M] () -- C:\Users\Ivke\Desktop\20120922_092644.jpg
[2012-09-21 09:48:48 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-09-21 09:48:48 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-09-18 08:38:59 | 000,002,053 | ---- | M] () -- C:\Users\Ivke\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-10 16:49:11 | 000,000,235 | ---- | M] () -- C:\Windows\spcsadm.INI
[2012-09-10 09:41:52 | 000,000,019 | ---- | M] () -- C:\Windows\FTG.INI
[2012-08-28 11:56:26 | 000,012,146 | ---- | M] () -- C:\Windows\SysWow64\AVGIDSAgent
[2012-08-16 16:05:15 | 000,285,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-09-22 15:19:09 | 000,002,261 | ---- | C] () -- C:\Users\Ivke\Desktop\SpyHunter.lnk
[2012-09-22 12:27:36 | 000,001,399 | ---- | C] () -- C:\Users\Ivke\Desktop\iTunes - Shortcut.lnk
[2012-09-22 10:28:39 | 002,738,974 | ---- | C] () -- C:\Users\Ivke\Desktop\20120922_092649.jpg
[2012-09-22 10:28:38 | 004,635,263 | ---- | C] () -- C:\Users\Ivke\Desktop\20120922_092644.jpg
[2012-08-28 11:56:26 | 000,012,146 | ---- | C] () -- C:\Windows\SysWow64\AVGIDSAgent
[2012-08-12 16:31:11 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012-08-12 16:31:11 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2012-08-12 16:31:10 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2012-06-09 14:19:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-06-09 14:16:21 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-10-08 14:20:39 | 000,000,000 | ---- | C] () -- C:\Users\Ivke\AppData\Local\{710843E7-45CA-4CCD-AEE4-D322AAACCC26}
[2011-08-18 16:56:16 | 000,000,193 | ---- | C] () -- C:\Users\Ivke\AppData\Roaming\default.rss
[2011-08-18 16:56:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-03-24 19:16:31 | 000,000,235 | ---- | C] () -- C:\Windows\spcsadm.INI
[2011-03-24 19:16:31 | 000,000,019 | ---- | C] () -- C:\Windows\FTG.INI
[2011-03-18 15:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-02-27 14:13:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-02-23 19:33:18 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2011-02-23 00:44:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-02-21 22:06:55 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-02-21 22:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-02-21 22:06:55 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011-02-21 22:06:55 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011-02-21 22:06:55 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011-02-21 21:46:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-02-21 21:46:32 | 000,033,159 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ==========
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
|