I posle skeniranja ima virusa

I posle skeniranja ima virusa

offline
  • Pridružio: 23 Sep 2012
  • Poruke: 1

Pozdrav svima Smile

Otvorio sam ovakvu temu na forumu Sveta kompjutera gde su me posavetovali da probam sa vama da resim problem koji imam sa virusom na racunaru.
Naime kad sam postavio temu na forumu Sk. dobio sam savet da probam da resim problem sa portabl verzijom SuperAntiSpyware ili Malwarebytes-om medjutim to nije pomoglo.

Od zastite koristim Kaspersky Internet Security 2010.Kad racunar podigne sistem pojavi se alarm od strane kasperskog da postoji Trojanac:

object:
C:\$Recycle.Bin\s-1-5-18\$be2fbc2d692df...\80000000.@
Trojan program:
Backdoor.win64.ZAccess.bt
Kaspersky trazi da ocisti taj virus i ukoliko to uradim on ga obrise,u toku skeniranja i brisanja tog virusa racunar pre restarta prijavi sledece:

NET-BroadcastEventWindow.2.0.0.0.33c0d9d.o:MOM.exe-Bad Image
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\culture.dll is
either not designed to run on Windows or it contains an error.Try
installing the program again using the original insallation media itd.
Zatim jos jedno upozorenje:

reader_sl.exe-Bad Image
C:\Windows\system32\ole32.dl is either not designed to run
on Windows or it contains an error. u nastavku isti text kao u pasusu gore napisanom.

E onda se restartuje racunar i pri podizanju sistema pojavi se sledeci prozorcic:

Windows-Bad Image
Exeption processing Message 0xc000007b Parameters
0x000007FEFCF4718C 0X000007FEFCF4718C 0X000007FEFCF4718C
0X000007FEFCF4718C 0X000007FEFCF4718C
Onda podigne sistem i Kasperski ponovo prijavi isti problem i tako u nedogled
E sad ja sam skenirao ceo sistem,kao je Kasperki sve sredio ali nije. Ako ignorisem prijavu Alarma od strane Kasperskog taj prozorcic se ne zatvara tako stoji sve vreme i na svakih 5 min. pojavljuje se sledeci prozorcic:

C:\WINDOWS\SYSTEM32\SVCHOST.EXE (PID:480):
Accesing the files C:\... \U\80000000.@ containing
Trojan program Backdoor.Win64.ZAccess.bt.

A zatim kao Kasperski je sam pokrenuo akciju i obrisao virus:

C:\WINDOWS\SYSTEM32\SVCHOST.EXE (PID:480):
Accesing the files C:\... \U\80000000.@ containing
Trojan program Backdoor.Win64.ZAccess.bt.Deleted and
backup is created.
I tako u nedogled...
Cak ako ne koristim racunar a on neode u sleep mode ukljuci se neka muzika koju ja nisam pustio,nikakav program nije aktiviran a muzikic svira i nemogu da je ugasim sem da restartujem racunar.

Palo mi je napamet da reinstaliram sistem ali bih voleo da bez toga probam da sa vasom pomoci resim ovaj problem,naravno ako moze.

Pozdrav i hvala unapred




mycity.rs/must-login.png


OTL logfile created on: 2012-09-23 16:41:56 - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Ivke\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,39% Memory free
7,99 Gb Paging File | 5,52 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 16,68 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive D: | 48,82 Gb Total Space | 26,51 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive E: | 48,82 Gb Total Space | 36,73 Gb Free Space | 75,23% Space Free | Partition Type: NTFS
Drive F: | 152,51 Gb Total Space | 80,54 Gb Free Space | 52,81% Space Free | Partition Type: NTFS
Drive H: | 29,29 Gb Total Space | 20,54 Gb Free Space | 70,13% Space Free | Partition Type: NTFS

Computer Name: IVKE-PC | User Name: Ivke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012-09-23 16:33:04 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Ivke\Downloads\OTL.exe
PRC - [2012-09-18 08:38:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-09-04 09:21:11 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011-04-08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011-02-21 22:24:37 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009-03-30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009-02-23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-18 08:38:54 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-09-04 09:21:10 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-10-14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009-07-30 15:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009-03-30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009-02-06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012-08-21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2011-03-09 23:00:40 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011-03-09 16:50:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-10-07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-09-21 09:48:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-18 08:38:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-02-21 22:24:37 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011-02-21 22:06:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-02-21 22:06:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012-07-30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012-04-25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-07 20:04:24 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 17:33:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-03-09 16:15:18 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-03-02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011-02-26 15:41:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-02-21 22:17:45 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-04-27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010-04-27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010-04-27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010-04-27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010-04-27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010-03-17 12:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010-03-02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-11-03 17:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009-10-29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009-10-19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009-10-14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009-10-07 10:49:26 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009-10-07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-10-07 10:45:36 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009-10-07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-10-02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009-09-01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009-08-13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009-07-31 05:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009-07-16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = login.yahoo.com/config/login?.src=fpctx&am.....oo.com%2F/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C C3 B8 8B 04 D2 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5172CA98-5601-4A3E-824F-22D143BE0D02}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5172CA98-5601-4A3E-824F-22D143BE0D02}: "URL" = google.com/search?hl=sv&q={searchTerms}&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=16t48f0frg39a"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFC2&ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-18 08:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-22 09:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-02-21 22:17:50 | 000,000,000 | ---D | M]

[2011-03-18 15:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivke\AppData\Roaming\Mozilla\Extensions
[2012-09-20 10:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\extensions
[2011-06-14 18:19:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-09-19 09:04:08 | 000,000,949 | ---- | M] () -- C:\Users\Ivke\AppData\Roaming\Mozilla\Firefox\Profiles\2fzvjcyc.default\searchplugins\conduit.xml
[2012-05-31 04:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-08-25 09:55:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-03-18 20:21:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012-09-18 08:38:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-03-07 13:28:56 | 000,244,544 | ---- | M] (SecMaker AB) -- C:\Program Files (x86)\mozilla firefox\plugins\npiidplg.dll
[2011-07-11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012-09-18 08:38:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-09-18 08:38:53 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Open With JPEGCompress - C:\Program Files (x86)\JPEGCompress\owjc.dll (Dreamscape Software)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open With JPEGCompress - C:\Program Files (x86)\JPEGCompress\owjc.dll (Dreamscape Software)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94F1F7A-5F62-42DD-A72A-1DC5A223D488}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-23 21:40:59 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-09-22 15:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-09-22 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-09-22 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Roaming\SUPERAntiSpyware.com
[2012-09-22 14:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-09-22 13:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-09-22 13:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012-09-22 13:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012-09-22 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012-09-22 09:50:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012-09-22 09:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012-09-22 09:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-09-20 08:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2012-09-19 09:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-09-19 09:01:30 | 000,000,000 | ---D | C] -- C:\Users\Ivke\AppData\Local\Conduit
[2012-09-03 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2012-08-25 18:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012-08-16 09:39:54 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012-08-16 09:39:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012-08-16 09:39:54 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012-08-16 09:39:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012-08-16 09:39:53 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-16 09:39:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-16 09:39:53 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-08-16 09:39:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-16 09:39:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012-08-16 09:39:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012-08-16 09:39:48 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-08-16 09:39:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-16 09:39:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-16 09:39:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-16 09:39:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-16 09:39:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-16 09:39:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-16 09:39:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-12 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2012-08-12 16:26:47 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012-07-30 13:32:08 | 000,102,240 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012-09-23 16:32:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-23 16:31:02 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-23 16:24:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-23 16:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-23 16:24:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012-09-22 15:19:09 | 000,002,261 | ---- | M] () -- C:\Users\Ivke\Desktop\SpyHunter.lnk
[2012-09-22 15:14:14 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 15:14:14 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-22 15:13:52 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-22 15:13:52 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-22 15:13:52 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-22 15:06:56 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-22 12:27:36 | 000,001,399 | ---- | M] () -- C:\Users\Ivke\Desktop\iTunes - Shortcut.lnk
[2012-09-22 09:26:49 | 002,738,974 | ---- | M] () -- C:\Users\Ivke\Desktop\20120922_092649.jpg
[2012-09-22 09:26:44 | 004,635,263 | ---- | M] () -- C:\Users\Ivke\Desktop\20120922_092644.jpg
[2012-09-21 09:48:48 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-09-21 09:48:48 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-09-18 08:38:59 | 000,002,053 | ---- | M] () -- C:\Users\Ivke\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-10 16:49:11 | 000,000,235 | ---- | M] () -- C:\Windows\spcsadm.INI
[2012-09-10 09:41:52 | 000,000,019 | ---- | M] () -- C:\Windows\FTG.INI
[2012-08-28 11:56:26 | 000,012,146 | ---- | M] () -- C:\Windows\SysWow64\AVGIDSAgent
[2012-08-16 16:05:15 | 000,285,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-22 15:19:09 | 000,002,261 | ---- | C] () -- C:\Users\Ivke\Desktop\SpyHunter.lnk
[2012-09-22 12:27:36 | 000,001,399 | ---- | C] () -- C:\Users\Ivke\Desktop\iTunes - Shortcut.lnk
[2012-09-22 10:28:39 | 002,738,974 | ---- | C] () -- C:\Users\Ivke\Desktop\20120922_092649.jpg
[2012-09-22 10:28:38 | 004,635,263 | ---- | C] () -- C:\Users\Ivke\Desktop\20120922_092644.jpg
[2012-08-28 11:56:26 | 000,012,146 | ---- | C] () -- C:\Windows\SysWow64\AVGIDSAgent
[2012-08-12 16:31:11 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012-08-12 16:31:11 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2012-08-12 16:31:10 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2012-06-09 14:19:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-06-09 14:16:21 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-10-08 14:20:39 | 000,000,000 | ---- | C] () -- C:\Users\Ivke\AppData\Local\{710843E7-45CA-4CCD-AEE4-D322AAACCC26}
[2011-08-18 16:56:16 | 000,000,193 | ---- | C] () -- C:\Users\Ivke\AppData\Roaming\default.rss
[2011-08-18 16:56:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-03-24 19:16:31 | 000,000,235 | ---- | C] () -- C:\Windows\spcsadm.INI
[2011-03-24 19:16:31 | 000,000,019 | ---- | C] () -- C:\Windows\FTG.INI
[2011-03-18 15:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-02-27 14:13:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-02-23 19:33:18 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2011-02-23 00:44:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-02-21 22:06:55 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-02-21 22:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-02-21 22:06:55 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011-02-21 22:06:55 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011-02-21 22:06:55 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011-02-21 21:46:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-02-21 21:46:32 | 000,033,159 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Pozdrav, Ivan Djokic


U toku rešavanja slučaja, molio bih te da se pridržavas sledećeg:
Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamenjivati) i raditi isključivo po njima;
Ne tražiti istovremeno pomoć na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo;
Ukoliko se desi nešto što ne stoji u uputstvu, a ne znaš šta je, zaustavi sve i pitaj;
U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio;
Uvek kopiraj ceo izveštaj u poruku, bez da ga attach-uješ, ukoliko nije tako zatraženo;
Ukoliko ne odgovorim u roku od 24h, osveži temu novim post-om;
Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj.

Za vise informacija o pravilima Ambulante MyCity foruma: LINK


Korak 1.

Koristiš zastarelu verziju Kasperskog, kojoj uskoro prestaje podrška. Takođe da nam ne pravi probleme tokom uklanjanja malware-a, otiđi u Control Panel i deinstaliraj Kaspersky Internet Security 2010.



Korak 2.

Dvoklikom pokreni OTL.

Štikliraj opciju Scan All Users.
U beli okvir prozora gde piše Custom Scans/Fixes iskopiraj sledeći tekst:

CREATERESTOREPOINT
BASESERVICES
drives
/md5start
services.exe
/md5stop
%systemroot%\assembly\GAC_32\*.ini /MD5
%systemroot%\assembly\GAC_64\*.ini /MD5
%systemroot%\Installer|@;true;true;true
%systemdrive%\$Recycle.Bin|@;true;true;true
C:\$Recycle.Bin\S-1-5-18 /s
C:\$Recycle.Bin\S-1-5-21-1862684139-277524484-329249885-1000 /s



Klikni RunScan i pričekaj da se skeniranje završi.
Iskopiraj sadržaj OTL.txt izveštaja u temu na forumu.




Korak 3.

Preuzmi TDSSKiller sa sljedeće adrese na Desktop:

TDSSKiller


Kad preuzimanje bude završeno:

Preimenuj TDSSKiller.exe u MyCity.exe

Pokreni MyCity.exe i klikni na Change parametres.

U dijelu Additional options štrikliraj opcije Verify driver signatures i Detect TDLFS file system, a zatim klikni na OK.

Klikni na Start scan.

Kad završi prikazaće ti rezultate skeniranja i tu nemoj ništa da mijenjaš već samo klikni na Continue.

Ukoliko program bude zatražio restart sistema dozvoli mu to.

Prikači uz poruku izvještaj koji se nalazi na sljedećoj lokaciji:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vrijeme kada je log napravljen)




Korak 4.

Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:provjeriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obilježeni tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

Ko je trenutno na forumu
 

Ukupno su 760 korisnika na forumu :: 35 registrovanih, 1 sakriven i 724 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, _Sale, A.R.Chafee.Jr., amaterSRB, Bane san, Cirkon, dac, dankisha, Dorcolac, Drug pukovnik, Duh sa sekirom, ILGromovnik, kripo, Lieutenant, mercedesamg, Milan A. Nikolic, milos.cbr, Mlav, nemkea71, nenad81, oddsock, ostoja, Polemarchoi, Regrut Boskica, Sirius, Srki94, Steeeefan, Toni, Toper, vasa.93, VJ, Vlada1389, vlahale, zljubomir, Živković