TR/ATRAPS.Gen2 virus

3

TR/ATRAPS.Gen2 virus

offline
  • boksi  Male
  • Ugledni građanin
  • Pridružio: 11 Jun 2008
  • Poruke: 474

OTL logfile created on: 6/5/2012 5:21:34 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Boris\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.39% Memory free
3.98 Gb Paging File | 3.01 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.43 Gb Total Space | 3.41 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
Drive D: | 54.99 Gb Total Space | 6.73 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.66 Mb Free Space | 61.67% Space Free | Partition Type: NTFS

Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/05 17:20:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
PRC - [2012/05/25 20:53:57 | 000,894,352 | ---- | M] (BitTorrent, Inc.) -- D:\uTorrent\uTorrent.exe
PRC - [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/03/13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/08/29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/05 14:19:08 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/21 03:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\01AEAFEE.exe -- (01AEAFEE)
SRV - [2012/06/04 22:22:27 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 03:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/26 08:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/14 03:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009/06/10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/12/24 16:52:08 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)


========== Driver Services (SafeList) ==========

DRV - [2012/06/05 16:44:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/05/14 08:45:53 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/04/21 20:02:53] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/08/29 15:29:44 | 000,256,512 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB C9 B3 4E 19 23 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6D3AEEB9-5ECB-4558-AD6B-9AC7A2B45AA0}&mid=99809890e09347d08918d156c7e4e1c3-9e676b974cdecd5e54574e8b31e8c02d1b6f5dd5&lang=en&ds=AVG&pr=fr&d=2012-06-05 06:15:09&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..extensions.enabledItems: ehtip@robertkatic:2.4.2
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1c5de9b9-5cc7-40e5-9f5b-dbdfc792a850%7D&mid=99809890e09347d08918d156c7e4e1c3-9e676b974cdecd5e54574e8b31e8c02d1b6f5dd5&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-05%2006%3A15%3A09&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/24 19:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 19:58:17 | 000,000,000 | ---D | M]

[2012/04/21 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\Mozilla\Extensions
[2012/05/02 21:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\tq1etcya.default\extensions
[2012/04/21 23:02:37 | 000,000,000 | ---D | M] (EHTip) -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\tq1etcya.default\extensions\ehtip@robertkatic
[2012/04/21 22:59:44 | 000,002,096 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\tq1etcya.default\searchplugins\translate-english-to-croatian.xml
[2012/04/24 19:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/21 22:29:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/21 03:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/05 06:15:06 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/21 03:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [uTorrent] D:\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79DC8D92-019E-4A94-8F91-3F1CC53E2DFC}: DhcpNameServer = 89.216.1.40 89.216.1.50
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 17:20:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012/06/05 16:36:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/05 15:08:03 | 004,537,537 | R--- | C] (Swearware) -- C:\Users\Boris\Desktop\ComboFix.exe
[2012/06/05 10:37:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/05 06:18:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/04 23:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/04 23:57:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/04 23:56:26 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/04 23:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/04 23:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/04 23:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/04 23:18:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/03 20:58:57 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2012/06/03 20:58:57 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2012/06/03 20:58:57 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2012/06/03 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012/06/03 20:57:24 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drvc.dll
[2012/06/03 20:57:24 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/06/03 20:57:24 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2012/06/03 20:57:24 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2012/06/03 20:57:24 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2012/06/03 20:57:24 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2012/06/03 20:57:24 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2012/06/03 20:57:24 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2012/06/03 20:57:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2012/06/03 20:57:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2012/06/03 20:57:24 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2012/06/03 20:57:24 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2012/06/03 20:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012/06/03 20:57:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2012/06/03 20:57:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2012/06/03 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/05/28 10:58:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012/05/26 09:45:33 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{CA9A95B7-ADD3-4408-BF0B-C39B3929AD8E}
[2012/05/26 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{45202387-D79B-4061-BF55-1204DA8D84A0}
[2012/05/23 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{BAF274C4-F8E6-4FA3-8826-06800FFD635F}
[2012/05/23 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{65D32298-0FCD-4FF0-A3C6-F41D0EB4AE2D}
[2012/05/19 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8B1CAF35-E4A0-408D-BEF4-8682D6E3E470}
[2012/05/19 22:33:30 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{A80ECC70-3152-437B-A1F3-400D50E17C9D}
[2012/05/19 07:57:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{B6873037-E24E-4D08-B185-B07849A672EB}
[2012/05/19 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{E426A70B-C2B1-4B5B-B8E5-B5B138F39F19}
[2012/05/16 12:32:30 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{56F04E7D-DA06-4D7F-9CA5-BF318CAC2AA7}
[2012/05/16 12:32:27 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{2F1BF0D6-6007-4270-887B-02F341E26491}
[2012/05/14 11:56:34 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{63B3E7ED-FB29-45D4-88F1-F2961BE0C624}
[2012/05/14 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{7E437570-C481-4AB0-A14B-ACB9EA9B48E5}
[2012/05/14 08:45:53 | 000,685,816 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/12 14:03:21 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{4849CD94-6CC3-43C0-92D3-EDB18640C37B}
[2012/05/12 14:03:19 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{D7FC1E66-475E-4132-A775-6679B7FA6618}
[2012/05/11 12:29:30 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{BAC5D7B2-955D-4054-B95B-AFD758AC3131}
[2012/05/11 12:29:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{CA0EC607-81F5-4ECE-9227-1E4DA420EBC8}
[2012/05/11 12:29:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{E2C3EE90-2A95-4345-B492-B7EDF30A69E5}
[2012/05/11 12:28:58 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{CECA781E-867B-422B-BB72-FEA9331BEFCC}
[2012/05/10 10:48:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{342E2014-6C4F-4CA9-84FE-FE70E4D0D4D5}
[2012/05/10 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{EB763644-D427-45E2-9550-AE5CD6ABBF4D}
[2012/05/09 07:05:00 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 07:04:59 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 07:04:58 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 07:04:56 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 07:04:56 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 07:04:55 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 07:04:55 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 07:04:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/08 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{2174536C-3407-4D0F-BBBC-C3FC552894C3}
[2012/05/08 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\{8E4FE846-8457-447C-954A-A54660FF0E97}

========== Files - Modified Within 30 Days ==========

[2012/06/05 17:20:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012/06/05 17:19:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/05 16:57:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/05 16:51:38 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 16:51:38 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 16:45:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/05 16:44:29 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012/06/05 16:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/05 16:44:22 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 15:07:47 | 004,537,537 | R--- | M] (Swearware) -- C:\Users\Boris\Desktop\ComboFix.exe
[2012/06/05 00:00:51 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/05 00:00:51 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/04 23:18:49 | 194,845,403 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/04 22:22:24 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/04 22:22:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/03 22:17:09 | 000,000,524 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\.ptbt1
[2012/06/03 20:57:24 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2012/05/09 19:37:13 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/04 23:18:49 | 194,845,403 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/03 22:17:09 | 000,000,524 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\.ptbt1
[2012/06/03 20:58:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/06/03 20:57:24 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2012/06/03 20:57:24 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2012/06/03 20:57:24 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012/06/03 20:57:24 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2012/06/03 20:57:24 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2012/06/03 20:57:24 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2012/06/03 20:57:24 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2012/06/03 20:57:24 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2012/06/03 20:57:23 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2012/06/03 20:57:23 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2012/06/03 20:57:23 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2012/04/21 21:03:21 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/04/21 20:11:48 | 000,005,632 | ---- | C] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 19:59:52 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/21 19:59:50 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/21 19:59:50 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/21 19:59:49 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/04/21 19:59:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/21 19:43:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=A302BBFF2A7278C0E239EE5D471D86A9 -- C:\Windows\System32\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/21 21:49:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/04/21 21:49:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 03:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/21 21:49:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/21 21:49:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/04/21 21:49:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Idi na:

http://www.mycity.rs/ambulanta-upload.php

i upload-uj sljedeći fajl:

C:\Windows\System32\ias.dll

offline
  • boksi  Male
  • Ugledni građanin
  • Pridružio: 11 Jun 2008
  • Poruke: 474

uplodovao sam...

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Instaliraj opet Aviru i vidi da li će ti opet da prijavi TR/ATRAPS.Gen2. Ukoliko ga prijavi, obavezno napiši koji fajl je detektovan (ili okači screenshot).

offline
  • boksi  Male
  • Ugledni građanin
  • Pridružio: 11 Jun 2008
  • Poruke: 474

Jel bolja Avira od AVG antivirusa?

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Nije ni bolja ni gora. Ono što nama treba jeste da saznamo koji fajl ti je detektovan pod nazivom TR/ATRAPS.Gen2.

offline
  • boksi  Male
  • Ugledni građanin
  • Pridružio: 11 Jun 2008
  • Poruke: 474

Napisano: 05 Jun 2012 20:34

Taj fajl nisam uspeo da nadjem Avira je ga nasla u Sistemu32 pod nazivom installer

Dopuna: 05 Jun 2012 20:51

Evo ga opet ovde


offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sljedećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obilježene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obilježi sve stavke i klikni Remove Selected.

Po završetku procesa, lizvještaj će se otvoriti u Notepad-u i iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, izvještaj će biti dostupan na Logs kartici (obeleži ga i klikni Open).

offline
  • boksi  Male
  • Ugledni građanin
  • Pridružio: 11 Jun 2008
  • Poruke: 474

Sta ovde da radim?


offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Klikni na Disable protection i pokreni Quick Scan i postavi izvještaj nakon skeniranja.

Ko je trenutno na forumu
 

Ukupno su 1039 korisnika na forumu :: 53 registrovanih, 9 sakrivenih i 977 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., arsa, Ben Roj, bladesu, brundo65, dankisha, Dimitrise93, Djokislav, Doca, DonRumataEstorski, Dorcolac, dragoljub11987, DragoslavS, Fog of War, Frunze, Georgius, glada, kinez88, kljift, Krusarac, kunktator, kybonacci, ljuba, lord sir giga, LUDI, Luka Blažević, M1los, Marko.anticc, marsovac 2, mercedesamg, milenko crazy north, nebkv, nemkea71, Parker, Romibrat, savaskytec, Shinobi, slonic_tonic, Smajser, Srky Boy, Steeeefan, Stoilkovic, theNedjeljko, tmanda323, uruk, VanHelsing, Vatreni Zmaj, VJ, Vlad000, Volkhov-M, zixmix, zlaya011, Čivi