- overman
- New MyCity citizen
- Joined: 24 Aug 2012
- Posts: 1
Posted: 24 Aug 2012 21:29
- Two days ago AVIRA warned me about the presence of the TR/ATRAPS.Gen2 virus and that it was unable to remove it.
- Before that I had noticed a slowdown of the computer, of searching, and of opening sites on the Internet.
- I tried to find a manual cleaning method, because the programs offered as "specialized" for cleaning are very expensive, and I am not able to pay for them.
- In your Ambulanta Archive I found that on 4 June this year you had a similar problem.
For now "my" trojan shows considerably milder symptoms, so the cure from the archive does not heal my machine either.
- This is a copy of OTL.txt
OTL logfile created on: 24-Aug-12 22:07:04 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\DRABOR\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
4.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 67.84% Memory free
8.00 Gb Paging File | 6.62 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 140.82 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 160.94 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
Drive E: | 1006.64 Gb Total Space | 480.77 Gb Free Space | 47.76% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 5.26 Gb Free Space | 70.58% Space Free | Partition Type: FAT32
Computer Name: DRABOR-PC | User Name: DRABOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-08-24 22:05:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DRABOR\Desktop\OTL.exe
PRC - [2012-08-02 19:34:06 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012-08-02 19:34:06 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012-01-03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011-08-01 15:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-07-01 12:41:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-04-27 14:59:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010-11-05 22:04:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010-02-12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007-12-06 20:03:42 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
MOD - [2012-08-15 16:38:24 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2011-07-29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-15 16:38:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011-07-01 12:41:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-27 14:59:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-02-20 19:35:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-10-11 01:08:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-02-12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-12-06 20:03:42 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012-08-23 21:18:27 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-07-01 12:41:19 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011-07-01 12:41:19 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 15:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-04-12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010-03-18 21:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010-03-18 21:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010-03-18 21:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010-03-18 21:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010-03-18 21:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010-03-18 21:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010-03-18 21:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010-03-18 21:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010-03-18 21:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010-03-18 21:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010-03-18 21:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010-03-18 21:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010-03-18 21:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010-03-18 21:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010-03-18 21:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010-03-18 21:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010-03-18 21:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2010-01-19 15:58:36 | 000,597,504 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-25 17:32:08 | 000,198,784 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmuvc.sys -- (VMUVC)
DRV:64bit: - [2008-07-01 11:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007-04-10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007-04-10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007-04-10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007-04-10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007-04-10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007-04-10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007-04-10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2012-08-24 20:25:49 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004-01-26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-01-26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 8C EB 53 C6 68 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D749415-63F9-4DBB-96E5-9778DBB1C4B9}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\SearchScopes\{4987713B-04E9-4C9E-A96B-8E8F7F9425FF}: "URL" = flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=3e3af8af633d4a618e174fe03b21278b
IE - HKCU\..\SearchScopes\{6AE5F7D1-AB9D-4410-A75E-060CA3A8FD81}: "URL" = flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=3ca54a6af71d403784025ba38538b312
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{F028D9A4-BB6B-4A5D-B350-8D647C7E3523}: "URL" = flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=6a0ba96e0fa44b2688dc347a77ad5c16
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb01ff&clid=3ca54a6af71d403784025ba38538b312&subid=&Keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.startup.homepage: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=6a0ba96e0fa44b2688dc347a77ad5c16&subid="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-18 01:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012-03-03 21:54:37 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-21 20:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-03-03 20:46:38 | 000,000,000 | ---D | M]
[2010-10-11 00:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Extensions
[2012-04-26 10:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Firefox\Profiles\922250dt.default\extensions
[2012-04-26 10:40:03 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Firefox\Profiles\922250dt.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-12-11 12:43:12 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Firefox\Profiles\922250dt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012-04-01 16:16:39 | 000,000,000 | ---D | M] ("KMPlayer Toolbar") -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Firefox\Profiles\922250dt.default\extensions\toolbar@ask.com
[2011-12-11 12:43:03 | 000,003,915 | ---- | M] () -- C:\Users\DRABOR\AppData\Roaming\Mozilla\Firefox\Profiles\922250dt.default\searchplugins\sweetim.xml
[2012-06-30 10:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-07-22 23:08:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-10-13 19:52:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-12-18 01:07:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010-10-13 19:52:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010-11-04 01:39:19 | 000,004,884 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\flvtube.xml
========== Chrome ==========
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={E3B7A8D4-23E4-11E1-870B-001A4D9327FB}
CHR - default_search_provider: suggest_url =
CHR - homepage: home.sweetim.com/?barid={E3B7A8D4-23E4-11E1-870B-001A4D9327FB}
CHR - Extension: YouTube = C:\Users\DRABOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\DRABOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\DRABOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\DRABOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\DRABOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012-08-24 19:53:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {63E429B8-4FA2-2D55-1BB5-76BA3CC76251} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.250.33.21 87.250.33.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BDC94F0-380A-4EDD-A063-A9185B253DDD}: DhcpNameServer = 87.250.33.21 87.250.33.22
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-28 21:00:12 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012-08-24 22:05:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\DRABOR\Desktop\OTL.exe
[2012-08-24 21:03:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-08-24 20:58:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-08-24 20:44:26 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DRABOR\Desktop\MyCity.exe.exe
[2012-08-24 19:40:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-08-24 19:30:31 | 000,000,000 | -H-D | C] -- C:\Users\DRABOR\Desktop\[Originals]
[2012-08-24 19:24:30 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{2A28850C-167A-4F71-B4E9-4A38226718EC}
[2012-08-23 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{CF0F4A41-D500-443D-970F-615DDF9337EC}
[2012-08-23 00:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-08-22 23:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012-08-22 23:15:30 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-08-22 23:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012-08-22 23:15:05 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Roaming\TestApp
[2012-08-22 23:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012-08-22 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B500C709-C4B6-47B5-87C8-901955ACAAAA}
[2012-08-22 07:43:50 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{07FB7F42-CC4C-42B6-9AA9-59AEC06EB8F5}
[2012-08-21 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1878F8A6-8AFB-40B9-9023-4A892895F3FD}
[2012-08-20 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2012-08-20 19:24:01 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{04748BA9-5942-4153-9374-271B61547952}
[2012-08-18 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{57966F78-5168-4093-ADCA-E4220D62208A}
[2012-08-18 04:05:27 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{2D362562-A9C6-4935-9C4E-4FCCAC751C4B}
[2012-08-17 16:04:41 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B3FE89FF-A2CD-43F1-B795-88F04EC09BC4}
[2012-08-17 16:04:14 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{966523A5-6259-4DF0-A17E-B000B236EE0A}
[2012-08-17 04:03:36 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1BC6C2B3-D616-4064-A756-D41FBC3C5CF0}
[2012-08-17 04:03:12 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1A889896-4354-4833-BB56-50A7C9976781}
[2012-08-16 16:02:41 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{3EDF7C18-E35F-429C-8884-6B48D7C50F49}
[2012-08-16 16:02:28 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B497FAF6-AB2B-49EB-81F2-563AA47D0B4F}
[2012-08-15 16:14:25 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{20EE7B2D-D282-4C71-A2DA-898459B46DB2}
[2012-08-15 16:14:10 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{3272EE56-9BDB-4106-9296-F25F6BF34AAF}
[2012-08-14 15:52:48 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{EFDE1370-C868-42C0-89A6-1533BE0A5376}
[2012-08-14 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B30F9304-681B-46E5-8BDA-F5AB34715F0C}
[2012-08-13 15:32:23 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{ADF13F99-A19D-491B-8C65-D27FB45BF492}
[2012-08-13 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{67B9C380-C483-4C88-BD57-183A2A538006}
[2012-08-12 19:36:15 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{7A70CD14-13A0-47E9-911A-99D8F962A325}
[2012-08-12 19:35:50 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{422FB85C-73BE-4826-A117-59F5EE145CF4}
[2012-08-12 07:35:02 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{6CC63D3F-AD2A-4654-94A4-4F11D6BEDB4B}
[2012-08-11 19:34:21 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{E4580282-B49C-4506-BE71-D8FA84FFE968}
[2012-08-11 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{A6105800-4DDC-4C02-92EC-9FA44D0FC43E}
[2012-08-11 07:33:24 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{F3A8E791-BBA3-4A03-98A0-5871B3AE3857}
[2012-08-10 19:32:24 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{248596BD-7DAB-4776-A058-A3BD8ABDC830}
[2012-08-10 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{4C2A6022-D26E-4F0F-961E-87EF53A68982}
[2012-08-09 15:47:00 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{932AEADE-E6FC-498C-82BC-87BE2BAF3AE4}
[2012-08-09 15:46:47 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{4679C73B-73FC-4CF7-B6BE-73FB964D8263}
[2012-08-08 15:48:08 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1E3D5851-AA49-40E1-9D9C-35BA0837FF5E}
[2012-08-08 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{FE7C854C-54AA-4220-B113-3A423D325C47}
[2012-08-07 15:38:28 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{2EA1585F-2AEA-4CC6-86EE-C1315AD7BBAD}
[2012-08-07 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{8EFCD579-67F5-4985-8F3A-D2BAC0F2B61C}
[2012-08-07 03:09:38 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{662B42BE-14BB-463F-AB09-C8F5029C0DA3}
[2012-08-07 03:09:14 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{74B80022-A29E-43AD-BE6A-2110A2850E38}
[2012-08-06 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{8C91046A-65F0-49A3-B2E3-06A1ACC8560B}
[2012-08-06 15:08:26 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{631E4E24-780C-4D2B-9A25-3FF6017BD1CA}
[2012-08-05 23:25:07 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{57316ACC-8110-4733-BE23-987D2E2ECEBE}
[2012-08-05 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{3A29C8C4-7138-4D40-BC05-C7EF8C9842E6}
[2012-08-05 11:24:09 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{311948ED-6770-4485-8206-9CB3BFB6C3EB}
[2012-08-05 11:23:55 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1A0D3AFE-94C3-42EE-B679-697EB94CF6D9}
[2012-08-04 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{07A19CD2-02DC-4B1F-B1F8-BC2FF00842A3}
[2012-08-04 13:46:35 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{3589432D-447A-40D0-876A-B1BFBD58CC61}
[2012-08-04 01:46:05 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{A6AB134D-C6A3-47ED-AD42-058F4BAD56FC}
[2012-08-04 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{F81FAC2E-AD28-4AF2-9ADE-5D5438C89201}
[2012-08-03 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{BFC594A1-FAF4-4EDB-8316-3C1CE19070EC}
[2012-08-03 13:44:59 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{82435322-203A-4FB9-9623-13F6F507C90B}
[2012-08-02 18:43:09 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{DB7905B4-4854-438D-99D9-33C3614DAE63}
[2012-08-02 18:42:55 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{661A69B7-6E00-4624-A02D-1CB514FA206C}
[2012-08-01 18:27:36 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{D2D3FD37-A4E4-407B-B2FE-41533D1C85D2}
[2012-08-01 18:27:21 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{BE947A6A-3C3F-46D9-BA32-DFC77850ED72}
[2012-07-31 19:26:43 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\Desktop\Sky Rim trainers
[2012-07-31 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B4F2F3D2-4745-4DCD-955E-3FBAFF97E992}
[2012-07-31 18:35:57 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{C50D4868-30D2-484D-BC03-A3A2C362DE22}
[2012-07-30 21:18:48 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\Skyrim
[2012-07-30 21:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2012-07-30 20:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012-07-30 20:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012-07-30 18:22:50 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{76846396-CD41-4F7C-86B5-9F7EAC89238F}
[2012-07-30 18:22:18 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{40B8BB85-678C-4263-9DE9-8DA67CC76C53}
[2012-07-29 22:23:12 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{950D05D3-7D1A-4FDC-AB48-B911105C53A2}
[2012-07-29 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{0FBF9338-D471-444F-9CB7-CF77C94396A1}
[2012-07-29 10:22:25 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{1509DE18-73F8-4FF3-8604-A86DF408EF66}
[2012-07-29 10:22:11 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{94C2249D-8477-4370-AAD8-060E3AB1AB87}
[2012-07-28 18:04:40 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{9E482FC9-42F5-4189-8A0D-DC014AD1BB6A}
[2012-07-28 18:04:16 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B91D91F9-BA0D-41B8-A7D9-57546D6050EA}
[2012-07-28 06:03:47 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{6E5FEBFB-1149-4E3E-9D75-003C82E1B420}
[2012-07-27 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{2F1C317A-4865-41EF-984A-CEAD0F999BBA}
[2012-07-27 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{86EA03FE-C8A3-45D6-9E7E-F6A66B5CB790}
[2012-07-27 04:38:42 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{A0E925CC-397B-4107-A504-F9826FC7B04F}
[2012-07-26 16:37:26 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{0091FC98-5AA8-4250-90BD-3FBD1DF6CA76}
[2012-07-26 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{B169B099-7772-48BE-9349-C8BDE4D45A5B}
[2012-07-26 03:36:07 | 000,000,000 | ---D | C] -- C:\Users\DRABOR\AppData\Local\{6C548BD0-9180-4A06-A2E0-C5F0BBB2D956}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-08-24 22:06:35 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-24 22:06:35 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-24 22:05:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DRABOR\Desktop\OTL.exe
[2012-08-24 22:05:42 | 000,782,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-24 22:05:42 | 000,662,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-24 22:05:42 | 000,121,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-24 22:01:30 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012-08-24 22:01:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-24 22:01:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-24 22:01:11 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-24 22:00:31 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012-08-24 22:00:31 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012-08-24 22:00:31 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012-08-24 22:00:31 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012-08-24 22:00:31 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012-08-24 21:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-24 21:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-24 20:44:27 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DRABOR\Desktop\MyCity.exe.exe
[2012-08-24 20:25:49 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012-08-24 19:53:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-08-24 19:43:58 | 001,468,299 | ---- | M] () -- C:\Users\DRABOR\Desktop\TR_ATRAPS.Gen2 virus.mht
[2012-08-23 21:18:27 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-23 21:18:18 | 446,899,859 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-08-23 21:16:32 | 000,000,722 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-23 00:18:12 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2012-08-22 23:15:46 | 002,217,570 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-08-15 16:38:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-08-15 16:38:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-08-07 19:10:29 | 000,001,209 | ---- | M] () -- C:\Users\DRABOR\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012-08-07 19:10:29 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012-07-30 22:22:09 | 000,001,227 | ---- | M] () -- C:\Users\DRABOR\Desktop\SkyrimLauncher.lnk
[2012-07-26 01:01:31 | 000,000,000 | ---- | M] () -- C:\Users\DRABOR\Desktop\New WinZip Zipx File.zipx
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2037-11-30 09:43:57 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000000.@
[2037-04-10 06:28:15 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000c0.@
[2037-04-10 06:28:09 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cb.@
[2037-04-10 06:27:51 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cf.@
[2037-04-10 06:27:36 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000c0.@
[2037-04-10 06:27:26 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cb.@
[2037-04-10 06:27:17 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cf.@
[2012-08-24 20:25:49 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012-08-24 19:43:58 | 001,468,299 | ---- | C] () -- C:\Users\DRABOR\Desktop\TR_ATRAPS.Gen2 virus.mht
[2012-08-23 21:18:27 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-23 21:16:32 | 000,000,722 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-23 15:49:20 | 000,092,672 | ---- | C] () -- C:\Windows\assembly\temp\U\80000032.@
[2012-08-23 15:49:20 | 000,080,896 | ---- | C] () -- C:\Windows\assembly\temp\U\80000064.@
[2012-08-23 00:18:12 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2012-08-22 23:15:36 | 002,217,570 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-08-22 19:13:50 | 000,000,218 | ---- | C] () -- C:\Windows\assembly\temp\L\00000004.@
[2012-07-30 22:22:15 | 000,001,227 | ---- | C] () -- C:\Users\DRABOR\Desktop\SkyrimLauncher.lnk
[2012-07-29 10:23:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-26 01:01:31 | 000,000,000 | ---- | C] () -- C:\Users\DRABOR\Desktop\New WinZip Zipx File.zipx
[2012-06-25 09:36:09 | 000,001,536 | ---- | C] () -- C:\Windows\assembly\temp\U\00000001.@
[2012-06-14 00:12:52 | 000,224,768 | ---- | C] () -- C:\Windows\assembly\temp\U\00000002.@
[2012-04-06 20:57:37 | 000,382,136 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012-03-30 16:18:01 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000004.@
[2012-01-19 21:20:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-11-02 19:48:14 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\00000004.@
[2011-07-06 11:56:38 | 000,000,039 | ---- | C] () -- C:\Windows\ClassicMusCol.ini
[2011-07-04 00:34:17 | 000,000,022 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2011-06-29 13:47:08 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2011-05-31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011-05-31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011-04-09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-04-03 13:05:32 | 000,000,063 | ---- | C] () -- C:\Windows\WININIT.INI
[2011-02-20 20:05:39 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011-02-20 19:34:12 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-02-20 19:34:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-02-18 20:45:12 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010-12-08 01:50:03 | 000,776,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-12-03 21:09:34 | 000,000,017 | ---- | C] () -- C:\Users\DRABOR\AppData\Local\resmon.resmoncfg
[2010-11-10 23:09:51 | 000,550,400 | ---- | C] () -- C:\Windows\SysWow64\VCLLoader.dll
[2010-10-15 15:56:56 | 000,002,157 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2010-10-14 18:44:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-10-13 19:27:01 | 000,076,288 | ---- | C] () -- C:\Users\DRABOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-11 00:30:23 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
and extras.txt is in the attachment.
Addendum: 25 Aug 2012 0:54
A BIG thank you for the effort and solidarity, my fellow citizens! You don't need to trouble yourselves any more. I solved the problem myself.
|