[ s.makic @ 14.01.2009. 00:20 ] @
I had a problem opening partitions C and D: when I tried to open them I couldn't, and it would show me "c:\recycled\boot.com is not valid Win32 aplication". On this forum I found that others had the same problem and solved it using a HiJackThis log and a Combofix log. I first downloaded Flash_Disinfector.exe, put it on the Desktop, and once I ran it everything worked normally. I also downloaded the programs mentioned and ran a scan, but I need help from an expert to tell me how to know what of that should be deleted, and how I, as a layman, can learn to use the programs mentioned. The logs follow below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56, on 2009-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9522 bytes

ComboFix 09-01-13.03 - Lazar 2009-01-13 22:01:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.235 [GMT 1:00]
Running from: c:\documents and settings\Lazar\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 000737-2] *On-access scanning enabled* (Outdated)
AV: AVG 7.5.428 *On-access scanning enabled* (Outdated)

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\hpowiax3.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-13 21:18 . 2009-01-13 21:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-13 00:13 . 2009-01-13 00:13 <DIR> d-------- c:\program files\Morton Benson
2009-01-13 00:13 . 2009-01-13 00:13 <DIR> d-------- c:\documents and settings\Lazar\WINDOWS
2009-01-13 00:13 . 1997-03-24 17:42 314,368 --a------ c:\windows\IsUninst.exe
2009-01-13 00:05 . 2009-01-13 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-01-13 00:03 . 2009-01-13 00:03 <DIR> d-------- c:\documents and settings\Lazar\Application Data\funkitron
2009-01-12 23:40 . 2009-01-12 23:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 23:37 . 2009-01-13 00:06 <DIR> d-------- C:\YuRecnik
2009-01-12 23:36 . 2009-01-12 23:36 <DIR> d-------- c:\program files\PDFCreator
2009-01-12 23:36 . 2000-05-22 17:58 647,872 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-01-12 23:36 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-01-12 23:36 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-01-12 23:36 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-01-12 23:09 . 2009-01-12 23:09 227 --a------ C:\DelUS.BAT
2009-01-12 22:52 . 2009-01-12 23:09 <DIR> d-------- c:\program files\AVPersonal
2009-01-12 22:51 . 2009-01-12 22:51 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 22:49 . 2009-01-12 22:49 <DIR> d-------- c:\program files\BillP Studios
2009-01-12 22:49 . 2009-01-12 22:49 <DIR> d-------- c:\documents and settings\Lazar\Application Data\WinPatrol
2009-01-12 22:47 . 2009-01-12 22:47 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVG7
2009-01-12 22:47 . 2009-01-13 11:48 <DIR> d-------- c:\documents and settings\Lazar\Application Data\AVG7
2009-01-12 22:47 . 2009-01-12 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-01-12 22:47 . 2009-01-13 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2009-01-12 22:45 . 2009-01-12 22:45 <DIR> d-------- c:\program files\IObit
2009-01-12 21:25 . 2009-01-12 21:33 <DIR> d-------- c:\program files\GameHouse Games II
2009-01-12 21:20 . 2009-01-12 21:20 <DIR> d-------- c:\windows\SSMaui Wowee
2009-01-12 21:20 . 1999-02-16 08:02 49,664 --a------ c:\windows\SSMaui Wowee.scr
2009-01-12 21:18 . 2004-09-20 16:00 802,816 --a------ c:\windows\FeedingFrenzy.scr
2009-01-12 21:17 . 2005-01-07 11:39 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-12 21:16 . 2009-01-12 21:23 <DIR> d-------- c:\program files\GameHouse Games Collection
2009-01-12 21:16 . 2005-08-03 13:48 389,120 --a------ c:\windows\Adventure Inlay.scr
2009-01-12 21:05 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-12 21:04 . 2009-01-12 21:04 <DIR> d-------- c:\program files\AC3Filter
2009-01-12 21:04 . 2003-08-19 08:20 180,224 --a------ c:\windows\system32\ac3filter.cpl
2009-01-12 21:03 . 2009-01-12 21:03 <DIR> d-------- c:\program files\Alwil Software
2009-01-12 21:01 . 2009-01-12 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-12 20:56 . 2009-01-12 20:56 <DIR> d-------- c:\program files\Malicious Software Removal Tool
2009-01-12 20:52 . 2009-01-12 20:52 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdpash.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdnepr.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdiultn.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdbhc.dll
2009-01-12 20:51 . 2006-05-05 10:41 453,120 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-12 20:51 . 2006-06-01 19:47 163,840 -----c--- c:\windows\system32\dllcache\jgdw400.dll
2009-01-12 20:51 . 2006-06-01 19:47 27,648 -----c--- c:\windows\system32\dllcache\jgpl400.dll
2009-01-12 20:51 . 2005-06-15 11:43 18,200 --a------ c:\windows\system32\wups2.dll
2009-01-12 20:48 . 2006-04-19 12:50 17,152 -----c--- c:\windows\system32\dllcache\usbohci.sys
2009-01-12 20:47 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe
2009-01-12 20:34 . 2009-01-12 20:34 <DIR> d-------- c:\program files\Windows Journal Viewer
2009-01-12 20:32 . 2009-01-12 22:49 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-12 20:32 . 2009-01-12 20:59 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-12 20:32 . 2009-01-12 20:32 <DIR> d-------- c:\program files\HighMAT CD Writing Wizard
2009-01-12 20:32 . 2005-01-28 13:44 5,525,504 --a------ c:\windows\system32\setb5.tmp
2009-01-12 20:30 . 2009-01-12 20:30 <DIR> d-------- c:\windows\system32\URTTEMP
2009-01-12 20:27 . 2009-01-12 20:28 <DIR> d-------- c:\program files\AutoPatcher
2009-01-12 20:21 . 2009-01-12 21:36 <DIR> d-------- C:\totalcmd
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\UC.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\RAR.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\PKZIP.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\LHA.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\ARJ.PIF
2009-01-12 20:21 . 2009-01-12 21:53 523 --a------ c:\windows\wincmd.ini
2009-01-12 20:20 . 2009-01-12 20:20 <DIR> d-------- c:\program files\CyberLink
2009-01-12 20:19 . 2009-01-12 20:19 <DIR> d-------- c:\program files\Google
2009-01-12 20:19 . 2009-01-12 20:19 <DIR> d-------- c:\program files\FlashGet
2009-01-12 20:18 . 2009-01-12 20:18 <DIR> d-------- C:\audiograbber
2009-01-12 20:15 . 2009-01-12 20:15 <DIR> d--hs---- c:\windows\ftpcache
2009-01-12 20:10 . 2009-01-12 20:10 <DIR> d-------- c:\program files\Acoustica CD Label Maker
2009-01-12 20:10 . 2009-01-12 20:10 <DIR> d-------- c:\documents and settings\Lazar\Application Data\Acoustica
2009-01-12 20:10 . 2003-08-15 13:55 348,160 --a------ c:\windows\system32\eSellerateEngine.dll
2009-01-12 20:08 . 2009-01-12 20:08 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 20:08 . 2009-01-12 20:08 <DIR> d-------- c:\program files\aod
2009-01-12 20:07 . 2009-01-12 20:07 <DIR> d-------- c:\program files\Real
2009-01-12 20:07 . 2009-01-12 20:08 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 20:06 . 2009-01-12 23:44 <DIR> d-------- c:\program files\DAP
2009-01-12 20:06 . 2009-01-12 20:06 479,298 --a------ c:\windows\system32\wbocx.ocx
2009-01-12 20:06 . 2009-01-12 20:06 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-12 20:06 . 2009-01-12 20:06 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-12 20:03 . 2009-01-12 20:03 <DIR> d-------- c:\program files\Smart Projects
2009-01-12 19:59 . 2009-01-12 19:59 <DIR> d-------- c:\program files\RADVideo
2009-01-12 19:51 . 2009-01-12 21:12 <DIR> d-------- c:\program files\Winamp
2009-01-12 19:51 . 2009-01-12 19:51 <DIR> d-------- c:\program files\Media Player Classic
2009-01-12 19:51 . 2006-08-25 04:47 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-12 19:51 . 2006-08-25 04:47 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-12 19:51 . 2006-08-25 04:47 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-12 19:50 . 2009-01-12 19:50 <DIR> d-------- c:\program files\QuickTime
2009-01-12 19:50 . 2009-01-12 19:50 <DIR> d-------- c:\program files\Apple Software Update
2009-01-12 19:49 . 2009-01-12 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-12 19:48 . 2009-01-12 19:53 <DIR> d-------- c:\windows\system32\languages
2009-01-12 19:48 . 2009-01-12 19:52 678,918 --a------ c:\windows\system32\unins000.exe
2009-01-12 19:48 . 2006-10-14 01:50 397,312 --a------ c:\windows\system32\ff_libfaad2.dll
2009-01-12 19:48 . 2006-10-14 01:51 117,248 --a------ c:\windows\system32\ff_tremor.dll
2009-01-12 19:48 . 2006-10-02 13:45 37,888 --a------ c:\windows\system32\ffvdub.vdf
2009-01-12 19:48 . 2009-01-12 19:53 26,353 --a------ c:\windows\system32\unins000.dat
2009-01-12 19:48 . 2006-10-02 13:45 20,480 --a------ c:\windows\system32\makeAVIS.exe
2009-01-12 19:48 . 2006-10-02 13:44 6,656 --a------ c:\windows\system32\ffavisynth.dll
2009-01-12 19:48 . 2006-10-02 13:44 6,144 --a------ c:\windows\system32\FLT_ffdshow.dll
2009-01-12 19:48 . 2006-10-02 13:43 6,144 --a------ c:\windows\system32\ff_acm.acm
2009-01-12 19:48 . 2006-08-05 12:06 549 --a------ c:\windows\system32\makeAVIS.exe.manifest
2009-01-12 19:47 . 2009-01-12 19:52 <DIR> d-------- c:\program files\DivX
2009-01-12 19:47 . 2009-01-12 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-12 19:46 . 2009-01-12 19:46 <DIR> d-------- c:\program files\Startup List 2.02
2009-01-12 19:44 . 2009-01-12 19:45 <DIR> d-------- c:\program files\IZArc
2009-01-12 19:43 . 2009-01-12 19:43 <DIR> d-------- c:\program files\Yahoo!
2009-01-12 19:43 . 2009-01-12 19:43 <DIR> d-------- c:\program files\CCleaner
2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\program files\GRETECH
2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\documents and settings\Lazar\Application Data\GRETECH
2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2009-01-12 19:40 . 2009-01-12 19:40 0 --a------ c:\windows\nsreg.dat
2009-01-12 19:27 . 2009-01-12 19:27 <DIR> d-------- c:\documents and settings\Lazar\Application Data\HPAppData
2009-01-12 19:27 . 2009-01-12 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-12 19:25 . 2009-01-12 19:25 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-12 19:25 . 2009-01-12 19:25 <DIR> d-------- c:\program files\Common Files\HP
2009-01-12 19:25 . 2009-01-12 19:25 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-12 19:25 . 2009-01-12 19:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-12 19:25 . 2009-01-12 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-12 19:24 . 2009-01-12 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-12 19:24 . 2007-03-30 16:07 267,864 -ra------ c:\windows\system32\hpzids01.dll
2009-01-12 19:24 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll
2009-01-12 19:24 . 2007-03-08 05:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-12 19:24 . 2007-03-08 05:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-12 19:23 . 2007-03-17 17:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll
2009-01-12 19:23 . 2007-03-08 05:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-01-12 19:23 . 2007-03-08 05:20 309,760 -ra------ c:\windows\system32\difxapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 20:13 --------- d-----w c:\program files\GameFace Messenger
2009-01-12 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 20:12 --------- d-----w c:\program files\ASUS
2009-01-12 18:47 262,884 ----a-w c:\windows\IPUI_DivXG400.exe
2009-01-12 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-12 17:55 --------- d-----w c:\program files\WinFast
2009-01-12 17:53 --------- d-----w c:\program files\Common Files\Ahead
2009-01-12 17:52 --------- d-----w c:\documents and settings\Lazar\Application Data\Ahead
2009-01-12 17:51 --------- d-----w c:\program files\Nero
2009-01-12 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-12 17:44 --------- d-----w c:\program files\Marvell
2009-01-12 17:43 --------- d-----w c:\program files\Analog Devices
2009-01-12 17:39 --------- d-----w c:\program files\Intel
2009-01-12 17:35 --------- d-----w c:\program files\Windows Media Components
2009-01-12 17:35 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-12 17:34 --------- d-----w c:\program files\Common Files\SONY Digital Images
2009-01-12 17:32 --------- d-----w c:\program files\Ulead Systems
2009-01-12 17:28 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-01-12 17:27 --------- d-----w c:\program files\VGA USB Camera
2009-01-12 17:27 --------- d-----w c:\program files\directx
2009-01-12 17:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-12 17:22 737,280 ----a-w c:\windows\iun6002.exe
2009-01-12 17:21 --------- d-----w c:\program files\ASUSTeK
2009-01-12 17:12 --------- d-----w c:\program files\microsoft frontpage
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2009-01-12 155896]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-10-30 69632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-10-24 368640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2009-01-12 1119232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 151597]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-01-12 406016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2006-10-01 255552]
"nwiz"="nwiz.exe" [2005-12-09 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-01-12 146432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 657168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-01-12 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.asv2"= asusasv2.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= msaud32_divx.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-12 111184]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2009-01-12 9446]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-12 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi sa FlashGet-om - c:\progra~1\FlashGet\jc_link.htm
IE: Preuzmi sve sa FlashGet-om - c:\progra~1\FlashGet\jc_all.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Lazar\Application Data\Mozilla\Firefox\Profiles\5590utr6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 22:03:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-13 22:04:58
ComboFix-quarantined-files.txt 2009-01-13 21:04:55

Pre-Run: 31,521,419,264 bytes free
Post-Run: 31,532,650,496 bytes free

277


Thanks in advance for the help.
[ kristi1 @ 14.01.2009. 09:24 ] @
The log is clean; do the following as well:
Start\ Run\ type Combofix /u, OK
Wait for the uninstall to finish.

The following was deleted

Code:

C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\hpowiax3.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
[ 93 Stefan @ 14.01.2009. 10:54 ] @
There's no way you can learn it; for HijackThis logs you have that TOP thread, just post the log on those sites, and ComboFix you simply run and it does everything by itself; you can see that kristi1 wrote "the following was deleted", not that you have to struggle and do something yourself. And just remember what you need to type in Run when you're done with ComboFix. For you to be able to analyze that, you need to know the system and know exactly where each file is located, and besides that to know whether a program is clean, where its files are... And most important, you have to memorize all those files by heart, how they're spelled, and watch every letter (svchost is a process, viruses use scvhost...).
[ magna86 @ 14.01.2009. 16:14 ] @
Quote:
93 Stefan:
 You can't possibly learn it; for HijackThis logs you have that TOP thread, so just post the log on those sites, and ComboFix you simply run and it does everything by itself. You can see that kristi1 wrote "the following was deleted", not that you have to struggle and do something yourself. And just remember what to type into Run once you are done with ComboFix. To be able to analyze this you need to know the system and know exactly where each file is located, and on top of that know whether a program is clean, where its files are... And most important of all, you have to memorize how all those file names are spelled and watch every letter (svchost is a process, viruses use scvhost...).
hehe, you think it's that simple?
HJT is something you learn, and those sites are not 100% reliable precisely because anyone can write anything about the lines.
With HJT lines it is important to check the CLSID as well, and not take what the analyzer says for granted.
CF is a script, not a program, and it does not do everything by itself! Mostly it does part of the job, and if it is used without expertise it can damage the system.
And nothing is learned by heart...
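An added example, not part of any post in this thread: a small Python triage pass over HijackThis-style lines that covers the two checks mentioned above, a process name that is one typo away from a system process (scvhost vs svchost) and entries whose CLSID should be verified by hand instead of trusting an analyzer verdict. The reference name list, the expected folders, and the two sample lines marked as constructed are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Reference names and folders are assumptions for this example
# (a short Windows XP list, not exhaustive).
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. O2, O4, O23
    clsid: Optional[str]  # CLSID found on the line, if any
    orphaned: bool        # registry entry points at a file that is gone
    body: str


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap (cv -> vc) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_process(path: str) -> Optional[str]:
    """Return a reason string if a running-process path deserves a closer look."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN_SYSTEM:
        # Correct spelling, but is it where the real file lives?
        return None if folder in SYSTEM_DIRS else f"{name} outside system directory"
    for known in sorted(KNOWN_SYSTEM):
        if osa_distance(name, known) <= 1:
            return f"lookalike of {known}"
    return None


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return Entry(m.group("code"), clsid.group(0) if clsid else None,
                 body.endswith(ORPHAN_MARKS), body)


def triage(log_text: str) -> dict:
    """Split a log into suspicious processes, orphaned entries, CLSIDs to verify."""
    findings = {"processes": [], "orphaned": [], "clsids": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):
            reason = check_process(line)
            if reason:
                findings["processes"].append((line, reason))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry.orphaned:
            findings["orphaned"].append(entry)
        elif entry.clsid:
            findings["clsids"].append((entry.code, entry.clsid.upper()))
    return findings


# Sample input: lines 2 and 3 are constructed for this example; the rest are
# excerpts from the logs posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\Temp\lsass.exe
C:\Program Files\Winamp\winampa.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

The `clsids` list is a to-do list for manual verification against the file path on the same line, not a verdict on the entry.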
[ 93 Stefan @ 14.01.2009. 18:15 ] @
OK, I remember that you wrote those scripts for me. It is true that various programs can get damaged when an unqualified person writes scripts (for the uninitiated, I don't mean myself) :)
As for those sites, of course, half of the things HJT finds for me aren't even in their databases, but it is still better to do the cleanup with their help.
[ s.makic @ 15.01.2009. 11:47 ] @
I gathered that the HijackThis log and the ComboFix log exist so that only experts in the field can analyze the state of the system, and that I, as a layman, cannot use them to fix problems. I have several antivirus programs installed, among them AVG and Avast; I ran a complete scan with all of them and they show that there are no viruses. From the logs above, Mr. kristi1 says the log is clean; however, while I was working, Avast twice raised an alarm and showed a virus on partition C in the template folder, and both times I chose "move to chest". I would like to know, if everything is clean, as all the antivirus programs I have show, where this virus is being launched from. I would like to point out that all the antivirus programs I use are free versions.
[ kristi1 @ 15.01.2009. 12:41 ] @
Here's the thing: you cannot have two or more antivirus programs on a computer, so decide on just one; second, if you want us to do one more check, post a HijackThis log following the instructions below; and third, you ran ComboFix on your own, which means you probably did not turn off the AV program (in your case two), so it is an open question how CF scanned the system and what it reported.


Download the HijackThis program:


Put it in a separate folder on the Desktop
Rename the folder to ES2 and the program to ES2.exe

* Run HijackThis
* Choose the option "Do a system scan and save the logfile"
* At the end of the scan the program will produce a text log.
* Copy that log here (copy / paste)

[ s.makic @ 15.01.2009. 22:28 ] @
I stopped Avast and AVG, installed HiJackThis as I was told, and here is the log after the scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:03:00, on 16.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8446 bytes


And here is the log from ComboFix
ComboFix 09-01-13.03 - Lazar 2009-01-15 23:58:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.228 [GMT 1:00]
Running from: d:\programi\Bezbedonosni programi\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 000737-2] *On-access scanning disabled* (Outdated)

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 22:23 . 2009-01-15 22:23 <DIR> d-------- c:\program files\Agent Chewer
2009-01-15 21:26 . 2009-01-15 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Oberon Media
2009-01-15 21:18 . 2009-01-15 21:18 876 --a------ c:\windows\$_hpcst$.hpc
2009-01-15 14:31 . 2009-01-15 14:31 <DIR> d-------- c:\program files\FlameRobin
2009-01-15 14:31 . 2009-01-15 14:31 <DIR> d-------- c:\program files\FirebirdClient
2009-01-15 14:30 . 2009-01-15 14:30 <DIR> d-------- c:\program files\MySQL
2009-01-15 14:29 . 2009-01-15 14:29 <DIR> d-------- c:\program files\HK-Software
2009-01-15 14:29 . 2007-09-05 20:34 569,344 --a------ c:\windows\system32\OdbcFb32.dll
2009-01-15 14:29 . 2005-01-09 17:46 29,637 --a------ c:\windows\system32\OdbcFb32.chm
2009-01-15 14:28 . 2009-01-15 14:28 <DIR> d-------- c:\program files\IBOConsole
2009-01-15 14:28 . 2009-01-15 14:28 <DIR> d-------- c:\documents and settings\Lazar\.iboconsole
2009-01-15 14:27 . 2009-01-15 14:27 <DIR> d-------- c:\program files\FirebirdClient 2.0
2009-01-15 14:26 . 2009-01-15 14:29 <DIR> d-------- c:\program files\Firebird
2009-01-15 14:26 . 2007-09-03 17:13 393,216 --a------ c:\windows\system32\GDS32.DLL
2009-01-15 14:23 . 2009-01-15 14:23 <DIR> d-------- c:\documents and settings\Lazar\Application Data\HK-Software
2009-01-15 14:20 . 2009-01-15 14:20 <DIR> d-------- C:\CSYSTEMS
2009-01-15 14:20 . 2009-01-15 14:20 7 --a------ c:\windows\INI2=No
2009-01-15 14:20 . 2009-01-15 14:20 7 --a------ c:\windows\INI1=No
2009-01-15 14:19 . 2009-01-15 14:19 <DIR> d-------- c:\program files\Microsoft
2009-01-15 13:52 . 2009-01-15 22:52 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-15 13:51 . 2009-01-15 22:52 <DIR> d-------- c:\windows\Internet Logs
2009-01-15 13:38 . 2009-01-15 13:38 <DIR> d-------- c:\program files\Lavasoft
2009-01-15 13:23 . 2009-01-15 13:23 <DIR> d-------- c:\program files\Hotkey CD Eject
2009-01-15 10:36 . 2009-01-15 10:53 521 --a------ c:\windows\system32\InTLub1.sys
2009-01-15 00:00 . 2009-01-15 00:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Aliasworlds
2009-01-14 23:41 . 2009-01-15 10:53 <DIR> d-------- c:\program files\Common Files\Sandlot Shared
2009-01-14 23:41 . 2009-01-15 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-14 23:39 . 2009-01-14 23:39 <DIR> d-------- c:\documents and settings\Lazar\Application Data\Gaijin Ent
2009-01-14 23:37 . 2009-01-14 23:37 4,096 --a------ c:\windows\d3dx.dat
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\documents and settings\Lazar\Application Data\PlayFirst
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-01-14 23:21 . 2009-01-14 23:21 <DIR> d-------- c:\documents and settings\Lazar\Application Data\AdobeUM
2009-01-14 23:07 . 2009-01-15 22:52 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-01-14 22:54 . 2009-01-14 22:54 <DIR> d-------- c:\documents and settings\Lazar\Application Data\Malwarebytes
2009-01-14 22:54 . 2009-01-14 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 22:54 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 22:54 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 22:53 . 2009-01-14 22:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 16:22 . 2009-01-14 16:22 69 --a------ c:\windows\NeroDigital.ini
2009-01-14 01:59 . 2009-01-14 02:03 <DIR> d-------- c:\program files\Wise Disk Cleaner 3 Pro
2009-01-13 21:18 . 2009-01-13 21:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-13 00:13 . 2009-01-13 00:13 <DIR> d-------- c:\program files\Morton Benson
2009-01-13 00:13 . 2009-01-13 00:13 <DIR> d-------- c:\documents and settings\Lazar\WINDOWS
2009-01-13 00:13 . 1997-03-24 17:42 314,368 --a------ c:\windows\IsUninst.exe
2009-01-13 00:05 . 2009-01-13 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-01-13 00:03 . 2009-01-13 00:03 <DIR> d-------- c:\documents and settings\Lazar\Application Data\funkitron
2009-01-12 23:40 . 2009-01-12 23:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 23:37 . 2009-01-13 00:06 <DIR> d-------- C:\YuRecnik
2009-01-12 23:36 . 2009-01-12 23:36 <DIR> d-------- c:\program files\PDFCreator
2009-01-12 23:36 . 2000-05-22 17:58 647,872 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-01-12 23:36 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-01-12 23:36 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-01-12 23:36 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-01-12 22:52 . 2009-01-15 15:17 <DIR> d-------- c:\program files\AVPersonal
2009-01-12 22:51 . 2009-01-12 22:51 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 22:49 . 2009-01-12 22:49 <DIR> d-------- c:\program files\BillP Studios
2009-01-12 22:49 . 2009-01-12 22:49 <DIR> d-------- c:\documents and settings\Lazar\Application Data\WinPatrol
2009-01-12 22:47 . 2009-01-12 22:47 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVG7
2009-01-12 22:47 . 2009-01-15 10:33 <DIR> d-------- c:\documents and settings\Lazar\Application Data\AVG7
2009-01-12 22:47 . 2009-01-15 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2009-01-12 22:45 . 2009-01-12 22:45 <DIR> d-------- c:\program files\IObit
2009-01-12 21:25 . 2009-01-12 21:33 <DIR> d-------- c:\program files\GameHouse Games II
2009-01-12 21:20 . 2009-01-12 21:20 <DIR> d-------- c:\windows\SSMaui Wowee
2009-01-12 21:20 . 1999-02-16 08:02 49,664 --a------ c:\windows\SSMaui Wowee.scr
2009-01-12 21:18 . 2004-09-20 16:00 802,816 --a------ c:\windows\FeedingFrenzy.scr
2009-01-12 21:17 . 2005-01-07 11:39 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-12 21:16 . 2009-01-12 21:23 <DIR> d-------- c:\program files\GameHouse Games Collection
2009-01-12 21:16 . 2005-08-03 13:48 389,120 --a------ c:\windows\Adventure Inlay.scr
2009-01-12 21:05 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-12 21:04 . 2009-01-12 21:04 <DIR> d-------- c:\program files\AC3Filter
2009-01-12 21:04 . 2003-08-19 08:20 180,224 --a------ c:\windows\system32\ac3filter.cpl
2009-01-12 21:03 . 2009-01-12 21:03 <DIR> d-------- c:\program files\Alwil Software
2009-01-12 21:01 . 2009-01-12 21:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-12 20:56 . 2009-01-12 20:56 <DIR> d-------- c:\program files\Malicious Software Removal Tool
2009-01-12 20:52 . 2009-01-12 20:52 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdpash.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdnepr.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdiultn.dll
2009-01-12 20:52 . 2006-05-12 05:03 6,144 --------- c:\windows\system32\kbdbhc.dll
2009-01-12 20:51 . 2006-05-05 10:41 453,120 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-12 20:51 . 2006-06-01 19:47 163,840 -----c--- c:\windows\system32\dllcache\jgdw400.dll
2009-01-12 20:51 . 2006-06-01 19:47 27,648 -----c--- c:\windows\system32\dllcache\jgpl400.dll
2009-01-12 20:51 . 2005-06-15 11:43 18,200 --a------ c:\windows\system32\wups2.dll
2009-01-12 20:48 . 2006-04-19 12:50 17,152 -----c--- c:\windows\system32\dllcache\usbohci.sys
2009-01-12 20:47 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe
2009-01-12 20:34 . 2009-01-12 20:34 <DIR> d-------- c:\program files\Windows Journal Viewer
2009-01-12 20:32 . 2009-01-15 13:33 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-12 20:32 . 2009-01-12 20:59 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-12 20:32 . 2009-01-12 20:32 <DIR> d-------- c:\program files\HighMAT CD Writing Wizard
2009-01-12 20:32 . 2005-01-28 13:44 5,525,504 --a------ c:\windows\system32\setb5.tmp
2009-01-12 20:30 . 2009-01-12 20:30 <DIR> d-------- c:\windows\system32\URTTEMP
2009-01-12 20:27 . 2009-01-12 20:28 <DIR> d-------- c:\program files\AutoPatcher
2009-01-12 20:21 . 2009-01-12 21:36 <DIR> d-------- C:\totalcmd
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\UC.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\RAR.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\PKZIP.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\LHA.PIF
2009-01-12 20:21 . 2006-10-23 06:55 545 --a------ c:\windows\ARJ.PIF
2009-01-12 20:21 . 2009-01-12 21:53 523 --a------ c:\windows\wincmd.ini
2009-01-12 20:20 . 2009-01-12 20:20 <DIR> d-------- c:\program files\CyberLink
2009-01-12 20:19 . 2009-01-12 20:19 <DIR> d-------- c:\program files\Google
2009-01-12 20:18 . 2009-01-12 20:18 <DIR> d-------- C:\audiograbber
2009-01-12 20:15 . 2009-01-12 20:15 <DIR> d--hs---- c:\windows\ftpcache
2009-01-12 20:10 . 2009-01-12 20:10 <DIR> d-------- c:\documents and settings\Lazar\Application Data\Acoustica
2009-01-12 20:10 . 2003-08-15 13:55 348,160 --a------ c:\windows\system32\eSellerateEngine.dll
2009-01-12 20:08 . 2009-01-12 20:08 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 20:08 . 2009-01-12 20:08 <DIR> d-------- c:\program files\aod
2009-01-12 20:07 . 2009-01-12 20:07 <DIR> d-------- c:\program files\Real
2009-01-12 20:07 . 2009-01-12 20:08 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 20:06 . 2009-01-12 23:44 <DIR> d-------- c:\program files\DAP
2009-01-12 20:06 . 2009-01-12 20:06 479,298 --a------ c:\windows\system32\wbocx.ocx
2009-01-12 20:06 . 2009-01-12 20:06 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-12 20:06 . 2009-01-12 20:06 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-12 20:03 . 2009-01-12 20:03 <DIR> d-------- c:\program files\Smart Projects
2009-01-12 19:59 . 2009-01-12 19:59 <DIR> d-------- c:\program files\RADVideo
2009-01-12 19:51 . 2009-01-12 21:12 <DIR> d-------- c:\program files\Winamp
2009-01-12 19:51 . 2009-01-12 19:51 <DIR> d-------- c:\program files\Media Player Classic
2009-01-12 19:51 . 2006-08-25 04:47 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-12 19:51 . 2006-08-25 04:47 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-12 19:51 . 2006-08-25 04:47 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-12 19:50 . 2009-01-12 19:50 <DIR> d-------- c:\program files\QuickTime
2009-01-12 19:50 . 2009-01-12 19:50 <DIR> d-------- c:\program files\Apple Software Update
2009-01-12 19:49 . 2009-01-12 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 20:12 --------- d-----w c:\program files\ASUS
2009-01-12 18:47 262,884 ----a-w c:\windows\IPUI_DivXG400.exe
2009-01-12 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-12 17:55 --------- d-----w c:\program files\WinFast
2009-01-12 17:53 --------- d-----w c:\program files\Common Files\Ahead
2009-01-12 17:52 --------- d-----w c:\documents and settings\Lazar\Application Data\Ahead
2009-01-12 17:51 --------- d-----w c:\program files\Nero
2009-01-12 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-12 17:44 --------- d-----w c:\program files\Marvell
2009-01-12 17:43 --------- d-----w c:\program files\Analog Devices
2009-01-12 17:39 --------- d-----w c:\program files\Intel
2009-01-12 17:35 --------- d-----w c:\program files\Windows Media Components
2009-01-12 17:35 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-12 17:34 --------- d-----w c:\program files\Common Files\SONY Digital Images
2009-01-12 17:32 --------- d-----w c:\program files\Ulead Systems
2009-01-12 17:28 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-01-12 17:27 --------- d-----w c:\program files\VGA USB Camera
2009-01-12 17:27 --------- d-----w c:\program files\directx
2009-01-12 17:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-12 17:22 737,280 ----a-w c:\windows\iun6002.exe
2009-01-12 17:21 --------- d-----w c:\program files\ASUSTeK
2009-01-12 17:12 --------- d-----w c:\program files\microsoft frontpage
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_22.34.04,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-14 22:07:28 2,560 ----a-w c:\windows\_MSRSTRT.EXE
+ 2009-01-15 21:52:20 2,560 ----a-w c:\windows\_MSRSTRT.EXE
+ 2009-01-15 22:54:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2009-01-12 155896]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-10-30 69632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-10-24 368640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2009-01-12 1119232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 151597]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2006-10-01 255552]
"nwiz"="nwiz.exe" [2005-12-09 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 657168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-01-12 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.asv2"= asusasv2.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= msaud32_divx.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-12 111184]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2009-01-12 9446]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-12 20560]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASDIFSV
*Deregistered* - SASENUM
*Deregistered* - SASKUTIL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi sa FlashGet-om
IE: Preuzmi sve sa FlashGet-om
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Lazar\Application Data\Mozilla\Firefox\Profiles\5590utr6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 00:00:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-16 0:01:15
ComboFix-quarantined-files.txt 2009-01-15 23:01:12
ComboFix2.txt 2009-01-15 22:41:07
ComboFix3.txt 2009-01-15 21:35:11
ComboFix4.txt 2009-01-14 22:03:41

Pre-Run: 33.671.057.408 bytes free
Post-Run: 33,663,922,176 bytes free

278


[This message was edited by s.makic on 16.01.2009. at 00:07 GMT+1]
[ s.makic @ 17.01.2009. 19:35 ] @
I analyzed the log I got from the HijackThis scan online, on the sites given on this forum in the thread "Automatic analysis of a HijackThis log over the internet"; I compared those analyses, checked the items that were shown to me as the most critical, and pressed Fix checked. However, when I put in a CD, not a single one started up and opened automatically; it showed me the following error

E:\ Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

I installed all the installation CDs that came with my computer by opening them via Open; however, when I insert a CD, still none opens automatically and I have to go through My Computer, except that now I can do it by starting E:\ . Even the CDs with Microsoft Office do not start automatically. Would someone be willing to help me fix this problem so that CDs start automatically when inserted into the computer?
I would like to stress that one should be very careful even with the advice given by expert sites; I tried to solve one problem and created another one that I cannot solve at all.


[This message was edited by s.makic on 17.01.2009. at 20:52 GMT+1]
[ Davor Stanković @ 17.01.2009. 20:02 ] @
If I understood you correctly, you want autorun to start when you insert a CD/DVD into the computer...

If that is what you meant, go to Run, type services.msc and find the process named Shell Hardware Detection,
then right-click and Properties, and just set it to enable(started) and that's it .)

Furthermore, automatic analysis of a HijackThis log over the net is not fully reliable and mistakes are always possible, so you cannot rely on those sites alone...
[ s.makic @ 17.01.2009. 23:30 ] @
Yes, I wanted autorun to start when a CD/DVD is inserted into the computer, that is, depending on what is on the DVD/CD: if it is blank it offers the burning option, if it is a media file it offers the DVD player, and so on. That is how my computer used to work. I did as I was told: I went to Run, typed services.msc, found the process named Shell Hardware Detection, right-clicked and opened Properties, and it is set to enable(started). The Description says: Provides notifications for AutoPlay hardware events.
I tried to restore the earlier state using the System Restore tool, rolling back to a previous state, but to no effect.
After scanning with HijackThis I deleted the following items:
Logfile of Trend Micro HijackThis v2.0.2
C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

I don't know which of these upset the computer, or how to put it back so that the computer works as before.
Thanks in advance for the help.
[ magna86 @ 18.01.2009. 00:16 ] @
bravo... you deleted all the legitimate things
none of what you listed are malicious lines... none at all
run HJT, choose the third option
View list of backups
pray to God that it made backups
restore ALL of it
[ s.makic @ 18.01.2009. 16:14 ] @
Unfortunately it did not make backups. I deleted these items because it said:
Bad - Remove almost always
Is there another way to get the important things back? I tried rolling back to the state before the deletion using the System Restore tool, but to no effect. I installed all the installation CDs that came with the computer, but I don't know whether I fixed the mistake. Still, CDs/DVDs do not start automatically when inserted into the computer; I start them through My Computer, but even then they open more slowly than before. Does anyone have an idea how to fix this? I would also like to know whether, as a last resort, reinstalling Windows XP would fix it.
[ s.makic @ 18.01.2009. 22:35 ] @
Could an expert help me and, based on what has been listed so far, advise me how to fix this problem? For Shell Hardware Detection it says "Provides notifications for AutoPlay hardware events". Translated, this means that to have AutoPlay I need to install the provider that supplies it, which I deleted. I am not an expert and do not know which provider that is. Can it be seen from the data above which provider it is, and if so, does anyone know where I could download it? Thanks in advance for the advice.
[ s.makic @ 19.01.2009. 23:34 ] @
I am still trying to get a solution to this problem of mine. I searched Google for a solution and found that others had the same problem, that they solved it by setting parameters to certain values, and that it started working for them. On my machine, however, those parameters already have those values, yet when I insert a CD nothing opens, and I want the window to open with the options asking whether I want to start the player, view the folders, view pictures and so on.
I checked the Shell Hardware Detection service (Provides notifications for AutoPlay hardware events): it is started and set to automatic startup.
In the registry, under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom, the Autorun key is set to the value 1.
Does anyone know why this still doesn't work, then?


[This message was edited by s.makic on 20.01.2009. at 23:45 GMT+1]
[ Phikret @ 28.01.2009. 23:13 ] @
People, are these malicious?


Quote:
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\wmk3820.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\uyd5574.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\smu8320.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\pya1244.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\gvb984.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\dym3019.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\csf3473.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\bjx1872.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\avk1374.exe
2009-01-26 17:57 . 2009-01-26 17:57 20,543 --a---


The above is what ComboFix gave me after cleaning (it deleted four files, but I forgot what they are called. One was errox2.exe, I think. After that I ran ComboFix again and unfortunately lost that previous log.). The HJT log file is below. I have some system32/x that Avast keeps reporting, but I cannot clean it with the latest version of ComboFix! Avast can't do anything to it. I also tried QuickSmash, and again nothing. Maybe it does delete it, but it comes back!

Here is the HJT log, so let me know whether I need an IV drip!


Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:37 AM, on 29.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\VMSnap23.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Phikret\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phikret\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phikret\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phikret\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Phikret\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Phikret\Desktop\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NoGarbage] C:\Program Files\Avramovic Web Solutions\NoGarbage\NoGarbage.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ Avast ] C:\WINDOWS\system32\avk1374.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E09AXLRD_311150750] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" -m
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1229547441156
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/edia.../install/gtdownhp.cab?1,0,0,94
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B44E52-EC0B-42AF-90B7-2DFB5B6FFD61}: NameServer = 212.62.32.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

--
End of file - 14213 bytes

This is after cleaning with ComboFix.
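A triage aid for the kind of listing quoted in the post above, as an added example that is not part of the original thread: it groups ComboFix "files created" rows by creation time, size and directory, then checks whether any HijackThis O4 Run entry points at a member of such a group. The function names, the threshold of three files and the sample (rows copied from logs quoted in this thread) are assumptions; the output is a signal for a human reviewer, not a verdict on the files.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules on any host OS

# Constructed sample: rows copied from ComboFix listings quoted in this thread,
# including one <DIR> row and the row that is cut off in the post.
COMBOFIX_SAMPLE = r"""
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\wmk3820.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\uyd5574.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\smu8320.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\pya1244.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\gvb984.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\dym3019.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\csf3473.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\bjx1872.exe
2009-01-26 17:57 . 2009-01-26 17:57 27,136 --a------ c:\windows\system32\avk1374.exe
2009-01-26 17:57 . 2009-01-26 17:57 20,543 --a---
2009-01-28 03:24 . 2009-01-28 03:32 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-01-28 03:24 . 2004-06-04 16:05 315,392 --a------ c:\windows\system32\NCTAudioPlayer2.dll
2009-01-28 03:24 . 2004-05-20 14:05 307,200 --a------ c:\windows\system32\NCTAudioRecord2.dll
"""

# Constructed sample: O4 rows copied from the HijackThis log in the post above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ Avast ] C:\WINDOWS\system32\avk1374.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# created . modified size attributes path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"([\d,.]+) (\S+) (\S.*)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.+)$")
# Leading executable of a command line, with or without quotes.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|dll))(?=$|[\s",])', re.IGNORECASE)


def parse_created_files(text):
    """Return file rows; <DIR> rows, separators and truncated rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, _modified, size, _attrs, path = m.groups()
        rows.append({"created": created,
                     "size": int(re.sub(r"[,.]", "", size)),
                     "path": path.lower()})
    return rows


def find_clusters(rows, min_members=3):
    """Group .exe rows sharing creation minute, size and directory."""
    groups = defaultdict(list)
    for row in rows:
        if row["path"].endswith(".exe"):
            key = (row["created"], row["size"], dirname(row["path"]))
            groups[key].append(row["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_members}


def parse_run_entries(text):
    """Return hive, value name and target executable of each O4 Run row."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        exe = EXE_RE.match(command)
        target = exe.group(1) if exe else command
        entries.append({"hive": hive, "name": name, "target": target.lower()})
    return entries


def triage(combofix_text, hjt_text):
    """Return (clusters, run entries whose target is a cluster member)."""
    clusters = find_clusters(parse_created_files(combofix_text))
    members = {path for paths in clusters.values() for path in paths}
    linked = [e for e in parse_run_entries(hjt_text) if e["target"] in members]
    return clusters, linked


if __name__ == "__main__":
    found, autostarts = triage(COMBOFIX_SAMPLE, HJT_SAMPLE)
    for (created, size, folder), paths in found.items():
        print(f"{len(paths)} executables, {size} bytes each, created {created} in {folder}")
    for entry in autostarts:
        print(f"autostart {entry['hive']} [{entry['name']}] -> {entry['target']}")
```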
[ EKVAS @ 29.01.2009. 22:29 ] @
some help, if possible; I'm not really in this field, but I try to keep all my computers in one piece

a problem similar to the first post, except that as soon as I switch on the ADSL modem the computer freezes; I somehow managed to deal with all the viruses,
and now I have run ComboFix, following the instructions; could someone give a diagnosis of whether there is anything else left on the computer

(it works OK for now)

thanks

ComboFix 09-01-21.04 - Administrator 2009-01-30 9:14:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.248 [GMT 11:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-30 08:31 . 2009-01-30 08:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-29 20:02 . 2009-01-29 20:03 <DIR> d-------- c:\program files\Crawler
2009-01-28 03:24 . 2009-01-28 03:32 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-01-28 03:24 . 2004-06-02 16:51 1,839,104 --a------ c:\windows\system32\NCTAudioFile2.dll
2009-01-28 03:24 . 2004-05-20 14:03 1,036,288 --a------ c:\windows\system32\NCTAudioInformation2.dll
2009-01-28 03:24 . 2004-06-04 16:07 724,992 --a------ c:\windows\system32\NCTAudioEditor2.dll
2009-01-28 03:24 . 2004-05-20 14:06 450,560 --a------ c:\windows\system32\NCTAudioTransform2.dll
2009-01-28 03:24 . 2004-06-04 16:05 315,392 --a------ c:\windows\system32\NCTAudioPlayer2.dll
2009-01-28 03:24 . 2004-05-20 14:05 307,200 --a------ c:\windows\system32\NCTAudioRecord2.dll
2009-01-27 08:20 . 2009-01-27 08:20 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-27 05:53 . 2009-01-27 05:53 <DIR> d-------- c:\users\Administrator\Application Data\streamripper
2009-01-26 01:03 . 2009-01-27 05:32 68 --a------ c:\windows\iltwain.ini
2009-01-26 00:39 . 2009-01-27 05:33 86 --a------ c:\windows\system32\ToleSec.ini
2009-01-22 04:43 . 2009-01-22 04:43 <DIR> d-------- c:\program files\SimAQUARIUM2
2009-01-22 04:43 . 2003-05-23 11:01 3,463,656 --a------ c:\windows\SimAQUARIUM2 Tank-1.scr
2009-01-22 04:43 . 2009-01-22 04:45 984 --a------ c:\windows\ssconf2.bin
2009-01-22 04:42 . 2009-01-29 19:57 <DIR> d-------- c:\users\All Users\Application Data\Laconic Software
2009-01-12 21:19 . 2009-01-12 21:19 <DIR> d-------- c:\users\Administrator\Bluetooth Software
2009-01-12 21:09 . 2009-01-12 21:09 <DIR> d-------- c:\program files\WIDCOMM
2009-01-12 20:36 . 2009-01-12 20:36 106,557 --a------ c:\windows\system32\btw_ci.dll
2009-01-12 20:11 . 2009-01-12 20:11 <DIR> d-------- c:\users\Administrator\Application Data\Blitware
2009-01-12 20:10 . 2009-01-12 20:11 <DIR> d-------- c:\program files\Driver Robot
2009-01-07 21:37 . 2009-01-07 21:37 <DIR> d-------- c:\program files\Common Files\L&H
2009-01-06 19:54 . 2009-01-06 19:54 79 --a------ c:\windows\wvlayer
2009-01-06 19:39 . 2009-01-06 19:39 <DIR> d-------- c:\users\Administrator\wvannot
2009-01-06 19:37 . 2009-01-06 19:37 335,872 --------- c:\windows\Setup1.exe
2009-01-06 19:37 . 2009-01-06 19:37 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-03 12:42 . 2009-01-03 12:42 6,166,040 --a------ c:\windows\system32\Cute-Dog-Screensaver.scr
2009-01-03 12:29 . 2009-01-23 03:46 <DIR> d-------- c:\program files\RelevantKnowledge
2009-01-03 12:29 . 2009-01-03 12:29 <DIR> d-------- c:\program files\3D Aqua Screensaver
2009-01-03 12:29 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-01-03 12:29 . 2006-08-04 09:20 90,112 --a------ c:\windows\3DAqua2.scr
2009-01-03 12:29 . 2009-01-03 12:29 63 --a------ c:\windows\3DAqua2.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 21:47 --------- d-----w c:\users\Administrator\Application Data\Skype
2009-01-29 21:46 --------- d-----w c:\users\Administrator\Application Data\skypePM
2009-01-29 09:01 --------- d-----w c:\users\Administrator\Application Data\BitTorrent
2009-01-29 08:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 08:59 --------- d-----w c:\program files\NCH Software
2009-01-29 08:57 --------- d-----w c:\program files\Nextech
2009-01-29 08:56 --------- d-----w c:\program files\Winamp
2009-01-28 08:24 --------- d-----w c:\program files\Mv2Player
2009-01-27 18:57 --------- d-----w c:\users\Administrator\Application Data\BSplayer
2009-01-27 18:54 --------- d-----w c:\users\Administrator\Application Data\DNA
2009-01-27 18:50 --------- d-----w c:\program files\DNA
2009-01-27 01:34 --------- d-----w c:\program files\AdVantage
2009-01-21 17:59 --------- d-----w c:\program files\DivX
2009-01-07 10:38 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-18 06:40 --------- d-----w c:\program files\Opera
2008-12-09 08:20 --------- d---a-w c:\users\All Users\Application Data\TEMP
2008-12-08 12:08 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2008-08-03 10:46 32 ----a-w c:\users\All Users\Application Data\ezsid.dat
2001-05-09 23:04 162,304 ----a-w c:\program files\UNWISE.EXE
2008-08-01 08:29 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080120080802\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-05-22 06:42 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\system32\user32.dll

2007-05-22 06:46 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\system32\wininet.dll

2007-05-22 06:47 360704 1a5fb58fc6e970a308719a4ea49eb8b5 c:\windows\system32\drivers\tcpip.sys

2007-05-22 07:27 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\system32\ntkrnlpa.exe

2007-05-22 06:41 2321792 fbce44cce9d83687a4c68c955fb11e12 c:\windows\system32\ntoskrnl.exe

2007-05-22 06:40 1033216 42d32722b805d7df42d30487a0bcbd78 c:\windows\explorer.exe

2007-05-22 06:42 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe

2007-05-22 06:42 295424 c29a5286e64d97385178452d5f307b98 c:\windows\system32\termsrv.dll

2007-05-22 06:40 985600 16f21882c96ee0136a92e867da94215c c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-07_22.24.39.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-12 10:09:24 33,982 ----a-r c:\windows\Installer\{3F4EC965-28EF-45C3-B063-04B25D4E9679}\ARPPRODUCTICON.exe
- 2008-08-01 11:18:19 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-07 10:43:39 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-01 11:18:19 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-07 10:43:39 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-01 11:18:19 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-07 10:43:39 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-01 11:18:19 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-07 10:43:39 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-01 11:18:19 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-07 10:43:39 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-01 11:18:19 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-07 10:43:39 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-01 11:18:19 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-07 10:43:39 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-01 11:18:19 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-07 10:43:39 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-01 11:18:19 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-07 10:43:39 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-01 11:18:19 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-07 10:43:39 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-01 11:18:19 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-07 10:43:39 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-01 11:18:19 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-07 10:43:39 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-01 11:18:19 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-07 10:43:39 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-07 10:32:16 135,168 ----a-r c:\windows\Installer\{901E081A-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-07 10:39:04 167,936 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-01-07 10:39:04 2,560 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-01-07 10:39:04 81,920 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-01-07 10:39:03 34,304 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-01-07 10:39:04 8,192 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-07 10:39:04 3,584 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-01-07 10:39:04 114,688 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-01-07 10:39:04 16,384 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-01-07 10:39:04 30,720 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-01-07 10:39:04 22,528 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-01-07 10:39:03 45,056 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-01-07 10:39:03 90,112 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2000-08-30 21:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 21:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2004-07-06 02:37:44 7,168 ----a-w c:\windows\system32\akscoinst.dll
+ 2007-09-06 09:09:49 801,144 ----a-w c:\windows\system32\aswBoot.exe
+ 2001-01-21 16:25:24 32,768 ----a-w c:\windows\system32\ATHPRXY.DLL
+ 2007-09-06 09:00:07 95,608 ----a-w c:\windows\system32\AvastSS.scr
+ 2005-08-29 04:55:52 131,137 ----a-w c:\windows\system32\bt2k_ins.dll
+ 2005-08-29 05:02:06 73,728 ----a-w c:\windows\system32\BtAudioHelper.dll
+ 2005-08-29 05:02:28 135,168 ----a-w c:\windows\system32\btbigbmp.dll
+ 2005-08-29 04:49:42 159,744 ----a-w c:\windows\system32\btbip.dll
+ 2005-08-29 05:04:38 610,304 ----a-w c:\windows\system32\BTChooser.dll
+ 2005-08-29 05:12:42 413,755 ----a-w c:\windows\system32\btcss.dll
+ 2005-08-29 04:55:48 36,864 ----a-w c:\windows\system32\btdev.dll
+ 2005-08-29 05:05:50 114,688 ----a-w c:\windows\system32\bthcrp.dll
+ 2005-08-29 05:06:46 126,976 ----a-w c:\windows\system32\bthcrpui.dll
+ 2005-08-29 04:55:36 454,656 ----a-w c:\windows\system32\btins.dll
+ 2005-08-29 04:53:56 65,536 ----a-w c:\windows\system32\BTNCopy.dll
+ 2005-10-08 14:20:56 1,048,653 ----a-w c:\windows\system32\BTNeighborhood.dll
+ 2005-08-29 05:03:32 122,880 ----a-w c:\windows\system32\btosif.dll
+ 2005-08-29 05:07:48 159,744 ----a-w c:\windows\system32\btosif_notes.dll
+ 2005-08-29 05:08:02 200,704 ----a-w c:\windows\system32\btosif_ol.dll
+ 2005-08-29 05:08:34 139,264 ----a-w c:\windows\system32\btosif_olx.dll
+ 2005-08-29 05:07:06 90,112 ----a-w c:\windows\system32\btprn2k.dll
+ 2005-08-29 04:54:24 3,129,344 ----a-w c:\windows\system32\btrez.dll
+ 2005-08-29 04:54:02 90,112 ----a-w c:\windows\system32\btrezxp.dll
+ 2005-08-29 05:12:50 200,704 ----a-w c:\windows\system32\btsec.dll
+ 2005-08-29 05:04:12 208,896 ----a-w c:\windows\system32\btsendto.dll
+ 2005-08-29 05:11:30 73,728 ----a-w c:\windows\system32\btsendto_ie.dll
+ 2005-08-29 05:09:02 49,152 ----a-w c:\windows\system32\btsendto_notes.dll
+ 2005-08-29 05:10:54 172,032 ----a-w c:\windows\system32\btsendto_office.dll
+ 2005-08-29 05:10:16 73,728 ----a-w c:\windows\system32\btsendto_wab.dll
+ 2005-08-29 05:16:24 237,568 ----a-w c:\windows\system32\btwhidcs.dll
+ 2005-08-29 05:22:22 90,112 ----a-w c:\windows\system32\BtWiaExt.dll
+ 2005-08-29 05:15:20 843,776 ----a-w c:\windows\system32\BtWizard.dll
+ 2005-08-29 05:05:12 45,056 ----a-w c:\windows\system32\btwpimif.dll
+ 2005-08-29 05:02:24 102,400 ----a-w c:\windows\system32\BTXPPanel.dll
+ 2005-08-29 05:02:10 24,576 ----a-w c:\windows\system32\BtXpShell.dll
+ 2007-09-12 07:27:24 511,328 ----a-w c:\windows\system32\capicom.dll
+ 2005-08-09 23:16:58 50,176 ----a-w c:\windows\system32\CSH.DLL
- 2008-09-16 00:12:00 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2004-09-03 17:33:33 290,816 ----a-w c:\windows\system32\dpu10.dll
- 2008-09-16 00:12:00 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2004-09-03 17:37:38 602,112 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2004-09-01 15:49:16 335,872 ----a-w c:\windows\system32\dpus10.dll
+ 2004-09-01 15:49:16 53,248 ----a-w c:\windows\system32\dpv10.dll
+ 2007-09-06 09:00:53 26,624 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2005-07-20 07:08:26 104,576 ----a-w c:\windows\system32\drivers\aksclass.sys
+ 2005-07-20 07:08:26 327,808 ----a-w c:\windows\system32\drivers\akshasp.sys
+ 2005-07-20 07:08:28 100,096 ----a-w c:\windows\system32\drivers\aksusb.sys
+ 2007-09-06 09:05:25 92,848 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2007-09-06 09:05:10 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2007-09-06 09:03:02 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2007-09-06 09:02:20 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2002-11-15 01:15:08 148,794 ----a-w c:\windows\system32\drivers\bcbthub.sys
+ 2005-08-29 05:01:38 428,269 ----a-w c:\windows\system32\drivers\btaudio.sys
+ 2005-08-29 06:45:34 853,258 ----a-w c:\windows\system32\drivers\btkrnl.sys
+ 2005-08-29 04:55:18 30,363 ----a-w c:\windows\system32\drivers\btport.sys
+ 2005-08-29 04:51:48 148,360 ----a-w c:\windows\system32\drivers\btwdndis.sys
+ 2005-08-29 04:54:36 64,344 ----a-w c:\windows\system32\drivers\btwusb.sys
- 2004-08-03 12:59:56 36,352 ----a-w c:\windows\system32\drivers\disk.sys
+ 2004-08-03 11:59:56 36,352 ----a-w c:\windows\system32\drivers\disk.sys
+ 2007-03-28 09:29:12 131,944 ----a-w c:\windows\system32\drivers\symsnap.sys
- 2007-04-09 20:27:40 59,392 ----a-w c:\windows\system32\drivers\usbhub.sys
+ 2007-04-09 09:27:40 59,392 ----a-w c:\windows\system32\drivers\usbhub.sys
- 2004-08-03 12:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2004-08-03 11:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2007-03-28 09:29:10 37,864 ----a-w c:\windows\system32\drivers\v2imount.sys
+ 2007-03-28 09:23:50 14,072 ----a-w c:\windows\system32\drivers\vproeventmonitor.sys
+ 2007-03-28 09:49:42 128,104 ----a-w c:\windows\system32\drivers\WimFltr.sys
- 2008-11-07 11:22:15 126,912 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-11 03:01:08 132,480 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 00:56:44 4,096 ----a-w c:\windows\system32\ksuser.dll
+ 2004-08-03 13:56:44 4,096 ----a-w c:\windows\system32\ksuser.dll
+ 2001-11-14 02:56:00 1,802,240 ----a-w c:\windows\system32\lcppn21.dll
+ 1998-10-01 01:00:38 520,128 ----a-w c:\windows\system32\MAPI.DLL
+ 1998-03-25 13:00:00 38,160 ----a-w c:\windows\system32\MAPISRVR.EXE
- 2004-08-04 00:56:44 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-22 12:00:00 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2000-06-01 20:51:02 84,480 ----a-w c:\windows\system32\NSCMPS.DLL
+ 2000-06-01 20:51:50 34,240 ----a-w c:\windows\system32\NSERROR.DLL
+ 1998-12-08 07:53:58 212,480 ----a-w c:\windows\system32\PCDLIB32.DLL
- 2001-08-17 12:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
+ 2001-08-17 11:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
- 2004-08-03 14:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-08-03 13:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-09-01 15:49:17 3,375,104 ----a-w c:\windows\system32\qt-mt331.dll
+ 2005-08-29 04:54:36 64,344 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\btwusb.sys
+ 2004-08-31 22:11:34 245,408 ----a-w c:\windows\system32\unicows.dll
+ 1998-06-17 13:00:00 89,360 ----a-w c:\windows\system32\VB5DB.DLL
+ 2005-10-08 14:20:32 581,693 ----a-w c:\windows\system32\wbtapi.dll
+ 2005-08-29 04:49:28 573,440 ----a-w c:\windows\system32\WidcommSdk.dll
- 2008-11-07 11:22:58 53,248 ----a-w c:\windows\temp\catchme.dll
+ 2009-01-29 22:19:05 53,248 ----a-w c:\windows\temp\catchme.dll
+ 2009-01-29 22:17:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_608.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-09-11 22:43 1780248 --a------ c:\program files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMini.dll" [2008-09-11 1780248]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMini.dll" [2008-09-11 1780248]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-06 167368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2007-05-22 169984]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-05-22 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Joost.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\Joost.lnk
backup=c:\windows\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^PicoPhone.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\PicoPhone.lnk
backup=c:\windows\pss\PicoPhone.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Visual Task Tips.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\Visual Task Tips.lnk
backup=c:\windows\pss\Visual Task Tips.lnkStartup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-07-14 17:30 884176 c:\program files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-12-06 12:37 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-17 05:50 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 11:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
--a------ 2007-08-20 19:42 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-07 21:48 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-13 03:45 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2008-08-02 16640]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-08-02 26752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11645919-868e-11dd-b419-00508d75912a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\DriverRobot.job
- c:\program files\Driver Robot\DriverRobot.exe [2009-01-10 05:26]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/star
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 09:19:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Completion time: 2009-01-30 9:20:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 22:20:40

Pre-Run: 5,508,112,384 bytes free
Post-Run: 5,836,435,456 bytes free

387
[ djerro @ 25.05.2010. 18:21 ] @
Can anyone help? Windows Update doesn't work, error 80072efe. After every update Avira asks for a restart of the computer (it didn't until now). ComboFix found rootkit activity, but it keeps coming back... here are the HijackThis and ComboFix logs. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:16:32 PM, on 5/25/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet download manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet download manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet download manager\IEExt.htm
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8E46CA6-EC36-4AB6-B6D2-5E7EC5452466}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Windows7FirewallService - Sphinx Software - C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe

--
End of file - 6139 bytes

ComboFix 10-05-19.08 - Djerrro 05/25/2010 18:53:20.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1310 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-25 15:55 . 2010-05-25 15:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-25 15:57 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 19:02 . 2010-05-19 19:02 -------- d-----w- c:\windows\GameSave Manager
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-24 17:02 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-25 16:00 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-23 18:45 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-08 10:04 . 2010-05-08 10:09 -------- d-----w- c:\program files\HyperSnap 6
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-22 14:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-24 19:52 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER
2010-04-29 15:22 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 15:38 . 2010-04-26 15:38 -------- d-----w- c:\program files\Realtek
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-01 15:56 . 2010-04-26 17:22 155648 ----a-w- c:\programdata\Mozilla Firefox\softokn3.dll
2010-04-01 15:56 . 2010-04-26 17:22 98304 ----a-w- c:\programdata\Mozilla Firefox\nssdbm3.dll
2010-04-01 15:56 . 2010-04-26 17:22 249856 ----a-w- c:\programdata\Mozilla Firefox\freebl3.dll
2010-03-08 21:33 . 2010-04-26 17:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48 . 2010-03-05 12:48 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48 . 2010-03-05 12:48 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-03-05 12:48 . 2010-03-05 12:48 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-03-05 12:48 . 2010-03-05 12:48 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-03-05 12:48 . 2010-03-05 12:48 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-02-27 12:07 . 2010-04-26 17:01 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-26 17:01 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
R4 TJYJRIYL;TJYJRIYL;c:\users\Djerrro\AppData\Local\Temp\TJYJRIYL.exe [x]
R4 WUEZUW;WUEZUW;c:\users\Djerrro\AppData\Local\Temp\WUEZUW.exe [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.scr=scr
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85F20D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-25 19:03:36
ComboFix-quarantined-files.txt 2010-05-25 17:03

Pre-Run: 84,122,361,856 bytes free
Post-Run: 84,062,248,960 bytes free

- - End Of File - - C39B39966C779EEBB80D77D0A70D940C
[ magna86 @ 26.05.2010. 09:52 ] @
Hello djerro.

Welcome to the forum.

1. ComboFix is never to be run on your own initiative.
Why?
Instructions for use:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix
and the ComboFix author's comment on why not to run it.
http://www.techsupportforum.com/1829551-post6.html
this actually applies to everyone

2. You could have opened a new topic ;) ..never mind
3. ComboFix was run twice. I need to see the first log. Post C:/Combofix.txt for me.

4. Download the AVZ program from this link to your Desktop
http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Unpack the archive into a folder.
Start AVZ by double-clicking this icon


go to File / Custom Scripts;

*a new window will open. Copy the following into it

Quote:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\users\Djerrro\AppData\Local\Temp\TJYJRIYL.exe','');
QuarantineFile('c:\users\Djerrro\AppData\Local\Temp\WUEZUW.exe','');
StopService('TJYJRIYL');
StopService('WUEZUW');
DeleteService('TJYJRIYL');
DeleteService('WUEZUW');
DeleteFile('c:\users\Djerrro\AppData\Local\Temp\TJYJRIYL.exe');
DeleteFile('c:\users\Djerrro\AppData\Local\Temp\WUEZUW.exe');
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.


*Click Run and wait for the script to finish.
6. Download the DDS program to your Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Double-click dds.scr to run it

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt

Save both reports to the Desktop.
Paste DDS.txt here for me.
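The AVZ script in the post above targets the services TJYJRIYL and WUEZUW, which the ComboFix log lists with executables in the user's Temp folder and an [x] marker. The Python sketch below is an added example, not part of the original post and not code from ComboFix or AVZ; it parses driver/service lines in that layout and flags such entries. The function names, the two heuristics, and the reading of [x] as "file not found" are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Driver/service lines copied from the ComboFix log earlier in this thread.
SAMPLE = r"""
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R4 TJYJRIYL;TJYJRIYL;c:\users\Djerrro\AppData\Local\Temp\TJYJRIYL.exe [x]
R4 WUEZUW;WUEZUW;c:\users\Djerrro\AppData\Local\Temp\WUEZUW.exe [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
"""

# Layout: <prefix> <service name>;<display name>;<image path> [<date> <size>]
# The bracket holds "x" instead of date and size for some entries.
LINE_RE = re.compile(
    r"^(?P<prefix>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

TEMP_DIRS = {"temp", "tmp"}


@dataclass
class ServiceEntry:
    prefix: str           # e.g. "R4"; kept verbatim, not interpreted here
    name: str
    display: str
    path: str             # empty when the log recorded no image path
    missing: bool         # True for "[x]" (assumption: file was not found)
    size: Optional[int]   # file size in bytes when the log gives one


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta").strip()
    missing = meta.lower() == "x"
    size = None
    if not missing:
        parts = meta.split()
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return ServiceEntry(
        prefix=m.group("prefix"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        missing=missing,
        size=size,
    )


def in_temp_dir(path: str) -> bool:
    """True when any directory component of the path is a Temp folder."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(p in TEMP_DIRS for p in parts[:-1])


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = []
        if not entry.path:
            reasons.append("no image path recorded")
        elif in_temp_dir(entry.path):
            # Services and drivers normally load from system or program
            # directories, not from a user-writable Temp folder.
            reasons.append("image path is inside a Temp directory")
        if entry.missing:
            reasons.append("file not found on disk")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

VD_FileDisk is flagged only for its empty path; the DDS log posted later in this thread lists it with a driver file under system32\drivers.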
[ djerro @ 26.05.2010. 16:59 ] @
Hello! Thanks for the advice. The first log doesn't exist, because when I ran ComboFix, after some time a blue screen occurred:
==================================================
Dump File : 052510-22354-01.dmp
Crash Time : 5/25/2010 6:47:37 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82e57010
Parameter 3 : 0x8ab1b524
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+23e010
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16539 (win7_gdr.100226-1909)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\minidump\052510-22354-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================

I did what you said; here is the log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Djerrro at 17:33:28.80 on Wed 05/26/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1337 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Users\Djerrro\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: PreventItemCreationInUsersFilesFolder = 0 (0x0)
uPolicies-explorer: NoReadingPane = 0 (0x0)
uPolicies-explorer: NoPreviewPane = 0 (0x0)
uPolicies-explorer: DontSetAutoplayCheckbox = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: DisableThumbnails = 0 (0x0)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: AlwaysShowClassicMenu = 0 (0x0)
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 0 (0x0)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchComputerLinkInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchProgramsInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchInternetInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchFilesInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchCommInStartMenu = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: TaskbarNoNotification = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
uPolicies-explorer: TaskbarLockAll = 0 (0x0)
uPolicies-explorer: TaskbarNoResize = 0 (0x0)
uPolicies-explorer: TaskbarNoAddRemoveToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoDragToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoRedock = 0 (0x0)
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoInplaceSharing = 0 (0x0)
uPolicies-explorer: UseFoldersInStartMenu = 0 (0x0)
uPolicies-explorer: TurnOffSPIAnimations = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-4-28 40560]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-26 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-26 60936]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 Windows7FirewallService;Windows7FirewallService;c:\program files\windows7firewallcontrol\Windows7FirewallService.exe [2010-4-26 372736]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2010-2-7 879104]
S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-10 814344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-9-30 116736]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-19 1050440]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2010-4-26 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2010-4-26 1474560]

============== File Associations ===============

.scr=scr
.txt=txt

=============== Created Last 30 ================

2010-05-25 17:03:42 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-25 16:47:22 239009429 ----a-w- c:\windows\MEMORY.DMP
2010-05-25 16:04:43 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-25 16:04:43 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 16:04:42 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-25 16:04:42 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-25 15:55:33 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52:32 0 d-----w- c:\users\djerrro\appdata\roaming\WinPatrol
2010-05-23 19:48:59 0 d-----w- c:\users\djerrro\appdata\roaming\TeraCopy
2010-05-23 19:48:36 0 d-----w- c:\program files\TeraCopy
2010-05-23 15:04:22 0 d-----w- c:\users\djerrro\appdata\roaming\ABBYY
2010-05-23 14:59:00 0 d-----w- c:\program files\common files\ABBYY
2010-05-23 14:57:18 0 d-----w- c:\programdata\ABBYY
2010-05-23 14:57:18 0 d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 13:54:54 83 ----a-w- c:\windows\wwp.INI
2010-05-23 13:43:56 0 d-----w- C:\Team17
2010-05-22 07:48:44 0 d-----w- c:\users\djerrro\appdata\roaming\EAST Technologies
2010-05-22 06:44:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:44:57 47360 ----a-w- c:\users\djerrro\appdata\roaming\pcouffin.sys
2010-05-22 06:41:09 0 d-----w- c:\users\djerrro\appdata\roaming\Scooter Software
2010-05-21 17:55:58 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40:59 0 d-----w- c:\users\djerrro\appdata\roaming\Alzex
2010-05-20 16:11:38 98816 ----a-w- c:\windows\sed.exe
2010-05-20 16:11:38 77312 ----a-w- c:\windows\MBR.exe
2010-05-20 16:11:38 256512 ----a-w- c:\windows\PEV.exe
2010-05-20 16:11:38 161792 ----a-w- c:\windows\SWREG.exe
2010-05-19 19:02:06 0 d-----w- c:\windows\GameSave Manager
2010-05-19 16:53:42 0 d-----w- c:\programdata\complexbackup
2010-05-19 16:52:58 0 d-----w- c:\programdata\backup
2010-05-19 16:15:07 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:14:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14:58 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:13:38 0 d-----w- c:\windows\system32\catroot2
2010-05-19 02:30:36 0 d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22:16 0 d-----w- c:\users\djerrro\appdata\roaming\Kaspersky Lab
2010-05-18 18:08:27 0 d-----w- c:\program files\Kaspersky Lab
2010-05-17 15:00:37 0 d-----w- c:\program files\Flock
2010-05-16 20:14:52 0 d-----w- c:\users\djerrro\appdata\roaming\Flock
2010-05-16 10:03:50 0 d-----w- c:\users\djerrro\appdata\roaming\PE Explorer
2010-05-15 20:55:26 0 d-----w- c:\programdata\Everstrike
2010-05-15 20:55:24 0 d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55:19 0 d-----w- c:\users\djerrro\appdata\roaming\SeriousBit
2010-05-14 15:51:48 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51:46 0 d-----w- c:\program files\Restorator 2009
2010-05-13 19:00:50 0 d-----w- c:\programdata\TechSmith
2010-05-13 18:59:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-13 18:41:15 0 d-----w- c:\users\djerrro\appdata\roaming\TechSmith
2010-05-12 19:24:53 0 d-----w- c:\programdata\SFlash
2010-05-12 19:20:09 0 d-----w- c:\programdata\Visual Watermark
2010-05-12 17:31:40 218 ----a-w- c:\users\djerrro\.recently-used.xbel
2010-05-12 15:19:00 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01:48 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01:14 0 d-----w- c:\users\djerrro\appdata\roaming\IDM
2010-05-10 18:01:05 0 d-----w- c:\program files\Softvnn
2010-05-10 18:01:05 0 d-----w- c:\program files\Internet download manager
2010-05-10 16:00:23 0 d-----w- c:\users\djerrro\appdata\roaming\Password Generator Professional
2010-05-09 19:25:03 0 d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27:21 0 d-----w- c:\users\djerrro\appdata\roaming\PgcEdit
2010-05-08 12:14:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-08 10:04:17 0 d-----w- c:\program files\HyperSnap 6
2010-05-07 22:27:40 0 d-----w- c:\program files\BTMPro
2010-05-06 18:39:10 0 d-----w- c:\users\djerrro\appdata\roaming\Souptoys
2010-05-06 18:39:10 0 d-----w- c:\programdata\Souptoys
2010-05-05 19:06:36 0 d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:01:26 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01:26 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01:26 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-02 11:15:37 0 d-----w- C:\PFiles
2010-05-02 10:52:31 0 d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46:29 0 d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46:25 0 d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46:24 0 d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13:26 0 d-----w- c:\program files\MSECache
2010-05-01 19:58:21 0 d-----w- c:\users\djerrro\Destkop
2010-05-01 18:19:01 0 d-----w- c:\users\djerrro\appdata\roaming\HateML
2010-05-01 14:23:19 0 d-----w- c:\users\djerrro\appdata\roaming\ArcticLine
2010-05-01 13:30:14 0 d-----w- c:\programdata\Sun
2010-05-01 13:29:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 10:24:53 83 ----a-w- c:\windows\wininit.ini
2010-05-01 09:49:19 0 d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49:17 0 d-----w- c:\users\djerrro\appdata\roaming\SolSuite
2010-04-30 21:11:56 0 ----a-w- c:\windows\LiveBilliards,2.INI
2010-04-30 21:10:33 0 ----a-w- c:\windows\LiveBilliards,1.INI
2010-04-30 20:09:14 0 d-----w- c:\program files\Interplay
2010-04-30 19:49:31 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49:15 0 d-----w- c:\windows\PCHEALTH
2010-04-30 19:49:15 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48:16 0 d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47:45 0 d-----w- c:\programdata\Microsoft Help
2010-04-30 17:52:39 0 d-----w- c:\users\djerrro\appdata\roaming\Thinstall
2010-04-30 17:46:21 0 d-----w- c:\users\djerrro\appdata\roaming\translateclient
2010-04-30 17:34:00 0 d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:31:53 0 d-----w- c:\users\djerrro\appdata\roaming\Trillian
2010-04-29 18:06:59 0 d-----w- c:\users\djerrro\appdata\roaming\IcoFX
2010-04-29 15:22:20 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-29 15:22:04 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 15:22:04 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 15:21:57 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 14:32:16 69 ----a-w- c:\windows\NeroDigital.ini
2010-04-28 19:38:02 0 d-----w- c:\programdata\wipe
2010-04-28 18:58:46 0 d-----w- c:\programdata\Paragon
2010-04-28 18:46:23 0 d-----w- c:\programdata\explauncher
2010-04-28 18:46:21 0 d-----w- c:\programdata\launcher
2010-04-28 18:43:57 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-04-28 18:43:00 0 d-----w- c:\program files\Paragon Software
2010-04-28 18:03:00 0 d-----w- c:\users\djerrro\appdata\roaming\WebcamMax
2010-04-28 18:02:36 1053056 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2010-04-28 17:58:00 0 d-----w- c:\programdata\FLEXnet
2010-04-28 17:51:18 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-28 17:40:53 0 d-----w- c:\users\djerrro\appdata\roaming\inkscape
2010-04-28 17:23:05 0 d-----w- c:\programdata\Apple Computer
2010-04-28 17:22:36 0 d-----w- c:\programdata\Apple
2010-04-27 20:36:43 31 ----a-w- c:\windows\RHWDWIN.INI
2010-04-27 20:23:18 0 d-----w- c:\windows\XSxS
2010-04-27 19:58:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2010-04-27 19:58:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2010-04-27 19:58:45 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2010-04-27 19:58:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2010-04-27 19:58:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2010-04-27 19:58:44 0 d-----w- c:\programdata\Nero
2010-04-27 19:58:44 0 d-----w- c:\program files\Nero
2010-04-27 19:50:08 0 d-----w- c:\users\djerrro\appdata\roaming\XnView
2010-04-27 19:42:31 0 d-----w- c:\users\djerrro\appdata\roaming\HEXelon
2010-04-27 18:44:04 0 d-----w- c:\program files\VideoLAN
2010-04-27 18:23:42 0 d-----w- c:\program files\PowerISO
2010-04-27 14:57:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-27 08:45:45 82 ----a-w- c:\windows\mafosav.INI
2010-04-27 00:51:07 0 d-----w- c:\windows\Panther
2010-04-26 20:36:05 0 d-----w- c:\users\djerrro\.rainlendar2
2010-04-26 20:35:59 0 d-----w- c:\program files\Rainlendar2
2010-04-26 20:32:32 152848 ----a-w- c:\windows\system32\comdlg32.OCX
2010-04-26 20:32:32 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2010-04-26 20:32:32 1081616 ----a-w- c:\windows\system32\mscomctl.OCX
2010-04-26 20:20:13 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:11:53 0 d-----w- c:\program files\WhereIsIt
2010-04-26 20:10:44 0 d-----w- c:\program files\SysTracer
2010-04-26 20:09:10 0 d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08:28 0 d-----w- c:\program files\Mario Forever
2010-04-26 19:59:11 0 d-----w- c:\program files\Webteh
2010-04-26 19:51:40 0 d-----w- c:\users\djerrro\appdata\roaming\BSplayer PRO
2010-04-26 19:39:34 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-04-26 19:39:34 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-04-26 19:39:29 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-04-26 19:39:25 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-04-26 19:39:25 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-04-26 19:39:24 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-04-26 19:39:24 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-04-26 19:39:23 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-04-26 19:39:17 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-04-26 19:39:12 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-04-26 19:38:25 0 d-----w- c:\program files\VMware
2010-04-26 19:30:32 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-04-26 19:29:48 0 d-----w- c:\program files\common files\VMware
2010-04-26 19:29:14 0 d-----w- c:\programdata\VMware
2010-04-26 19:25:13 0 d-----w- c:\program files\Vimicro
2010-04-26 19:18:02 0 d-----w- c:\users\djerrro\appdata\roaming\Avira
2010-04-26 19:16:31 0 d-----w- c:\windows\Profiles
2010-04-26 19:16:30 0 d---a-w- c:\programdata\TEMP
2010-04-26 19:16:30 0 d-----w- c:\users\djerrro\appdata\roaming\URSoft
2010-04-26 19:11:37 0 d-----r- C:\Sandbox
2010-04-26 18:22:26 2716 ----a-w- c:\windows\Sandboxie.ini
2010-04-26 18:22:19 0 d-----w- c:\program files\Sandboxie
2010-04-26 18:14:16 0 d-----w- c:\windows\system32\appmgmt
2010-04-26 18:03:21 0 d-----r- c:\program files\Skype
2010-04-26 18:03:17 0 d-----w- c:\programdata\Skype
2010-04-26 18:02:53 0 d-----w- c:\program files\Trend Micro
2010-04-26 17:57:36 0 d-----w- c:\program files\TC UP
2010-04-26 17:48:49 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-26 17:48:48 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-26 17:48:48 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-26 17:48:38 0 d-----w- c:\users\djerrro\appdata\roaming\TuneUp Software
2010-04-26 17:48:34 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48:21 0 d-----w- c:\programdata\TuneUp Software
2010-04-26 17:22:50 0 d-----w- c:\programdata\Mozilla Firefox
2010-04-26 17:07:05 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-26 17:05:05 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-26 17:05:05 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-04-26 17:05:04 507568 ----a-w- c:\windows\system32\winload.exe
2010-04-26 17:05:04 442920 ----a-w- c:\windows\system32\winresume.exe
2010-04-26 17:05:04 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-26 17:04:02 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-26 17:04:02 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-26 17:04:02 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-26 17:04:02 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-04-26 17:02:48 2614272 ----a-w- c:\windows\explorer.exe
2010-04-26 17:02:47 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-04-26 17:02:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-26 17:02:30 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-26 17:02:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-26 17:02:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-26 17:02:29 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-26 17:02:29 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-26 17:02:29 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-26 17:02:29 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-26 17:00:51 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-26 17:00:41 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-26 17:00:41 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-26 17:00:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-26 16:57:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-26 16:49:16 0 d-----w- c:\program files\SystemExplorerPortable
2010-04-26 16:39:41 0 d-----w- c:\users\djerrro\appdata\roaming\Malwarebytes
2010-04-26 16:29:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-04-26 16:29:44 0 d-----w- c:\windows\system32\SupportAppXL
2010-04-26 16:29:36 0 d-----w- c:\program files\MODEM Mobile Connection
2010-04-26 16:26:03 0 d-----w- c:\programdata\NVIDIA
2010-04-26 16:25:32 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-26 16:25:28 0 d-----w- C:\NVIDIA
2010-04-26 16:12:48 0 d-----w- c:\users\djerrro\appdata\roaming\DMCache
2010-04-26 16:05:22 0 d-----w- c:\programdata\DFX
2010-04-26 16:05:21 0 d-----w- c:\program files\DFX
2010-04-26 16:05:21 0 d-----w- c:\program files\common files\DFX
2010-04-26 16:03:26 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-26 15:58:40 0 d-----w- c:\programdata\WhereIsIt
2010-04-26 15:56:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 15:56:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 15:56:38 0 d-----w- c:\programdata\Malwarebytes
2010-04-26 15:56:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 15:45:41 0 d-----w- c:\programdata\Adobe
2010-04-26 15:40:55 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-26 15:40:54 0 d-----w- c:\programdata\Avira
2010-04-26 15:40:54 0 d-----w- c:\program files\Avira
2010-04-26 15:38:04 0 d-----w- c:\program files\Realtek

==================== Find3M ====================

2010-04-30 20:09:35 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09:35 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-12 08:44:34 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48:28 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48:14 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:34:07.19 ===============

[ magna86 @ 26.05.2010. 17:11 ] @

OK. That would be it. How is your computer running now?

One more small thing for me to check...
Run ComboFix again and do a scan. Copy the resulting log here.
[ djerro @ 26.05.2010. 18:30 ] @
The same. Nothing new.

ComboFix 10-05-19.08 - Djerrro 05/26/2010 19:13:40.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1309 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-26 16:24 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 19:02 . 2010-05-19 19:02 -------- d-----w- c:\windows\GameSave Manager
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-26 16:55 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-23 18:45 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-08 10:04 . 2010-05-08 10:09 -------- d-----w- c:\program files\HyperSnap 6
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-24 19:52 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 17:07 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-26 17:06 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-26 16:17 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\program files\Avira
2010-04-26 15:38 . 2010-04-26 15:38 -------- d-----w- c:\program files\Realtek
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Win7codecs
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\program files\Win7codecs
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-01 15:56 . 2010-04-26 17:22 155648 ----a-w- c:\programdata\Mozilla Firefox\softokn3.dll
2010-04-01 15:56 . 2010-04-26 17:22 98304 ----a-w- c:\programdata\Mozilla Firefox\nssdbm3.dll
2010-04-01 15:56 . 2010-04-26 17:22 249856 ----a-w- c:\programdata\Mozilla Firefox\freebl3.dll
2010-03-08 21:33 . 2010-04-26 17:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48 . 2010-03-05 12:48 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48 . 2010-03-05 12:48 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-03-05 12:48 . 2010-03-05 12:48 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-03-05 12:48 . 2010-03-05 12:48 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-03-05 12:48 . 2010-03-05 12:48 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-03-01 07:05 . 2010-04-26 15:40 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 12:07 . 2010-04-26 17:01 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-26 17:01 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-26 17:00 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-26 17:00 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-26 17:00 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-25_17.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 17:55 . 2010-05-26 17:14 27406 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-26 17:14 42532 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 15:40 . 2010-05-26 17:05 28520 c:\windows\System32\drivers\ssmdrv.sys
- 2010-04-26 15:40 . 2010-05-25 15:23 28520 c:\windows\System32\drivers\ssmdrv.sys
+ 2010-04-26 23:56 . 2010-05-26 17:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-26 23:56 . 2010-05-26 17:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-26 17:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 15:41 . 2010-05-26 17:14 8434 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696113728-3900944564-1100707938-1000_UserData.bin
+ 2010-05-26 17:12 . 2010-05-26 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-26 17:12 . 2010-05-26 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 15:24 . 2010-05-26 16:03 127550 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.scr=scr
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85EC3D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-26 19:23:37
ComboFix-quarantined-files.txt 2010-05-26 17:23
ComboFix2.txt 2010-05-25 17:03

Pre-Run: 78,542,966,784 bytes free
Post-Run: 78,482,759,680 bytes free

- - End Of File - - 77C3D78D5BB1F57B024CC283B0DB6EA4
[ magna86 @ 26.05.2010. 20:23 ] @
Hm... possible TDL3 infection.

Download the DeFogger program to your Desktop:
http://www.jpshortstuff.247fixes.com/Defogger.exe

Run DeFogger.
A message box will appear; click the Disable button.
Another message box will appear; click Yes.


Wait for DeFogger to finish; the computer will most likely restart.

After that, run Combofix again and post a fresh log for me.

[ djerro @ 27.05.2010. 17:26 ] @
Done. I ran Defogger; it did not restart the computer when it finished. I ran Combo and halfway through got a blue screen....

==================================================
Dump File : 052710-23696-01.dmp
Crash Time : 5/27/2010 5:59:05 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000009
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82ca5f95
Caused By Driver : halmacpi.dll
Caused By Address : halmacpi.dll+5924
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\minidump\052710-23696-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================
Never mind, I ran it again and it scanned for a good half hour. Here is the log:


ComboFix 10-05-26.03 - Djerrro 05/27/2010 18:05:04.9.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1308 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-27 16:15 . 2010-05-27 16:16 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-27 15:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 19:02 . 2010-05-19 19:02 -------- d-----w- c:\windows\GameSave Manager
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-27 15:15 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-26 18:33 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-24 19:52 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER
2010-04-29 15:22 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-29 15:22 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 15:22 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 15:21 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 16:04 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-27 15:45 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-27 15:37 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-27 15:25 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-26 18:30 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-26 15:04 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-28 11:54 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\program files\Avira
2010-04-26 15:38 . 2010-04-26 15:38 -------- d-----w- c:\program files\Realtek
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Win7codecs
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\program files\Win7codecs
2010-04-19 11:48 . 2010-04-26 17:48 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-19 11:42 . 2010-04-26 17:48 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-19 11:42 . 2010-04-26 17:48 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-01 15:56 . 2010-04-26 17:22 155648 ----a-w- c:\programdata\Mozilla Firefox\softokn3.dll
2010-04-01 15:56 . 2010-04-26 17:22 98304 ----a-w- c:\programdata\Mozilla Firefox\nssdbm3.dll
2010-04-01 15:56 . 2010-04-26 17:22 249856 ----a-w- c:\programdata\Mozilla Firefox\freebl3.dll
2010-03-08 21:33 . 2010-04-26 17:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48 . 2010-03-05 12:48 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48 . 2010-03-05 12:48 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-03-05 12:48 . 2010-03-05 12:48 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-03-05 12:48 . 2010-03-05 12:48 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-03-05 12:48 . 2010-03-05 12:48 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-03-01 07:05 . 2010-04-26 15:40 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 12:07 . 2010-04-26 17:01 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-26 17:01 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-26 17:00 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-26 17:00 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-26 17:00 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-25_17.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 17:55 . 2010-05-27 16:06 27558 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-27 16:06 42700 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 15:40 . 2010-05-26 17:05 28520 c:\windows\System32\drivers\ssmdrv.sys
- 2010-04-26 15:40 . 2010-05-25 15:23 28520 c:\windows\System32\drivers\ssmdrv.sys
+ 2010-04-26 23:56 . 2010-05-27 16:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-26 23:56 . 2010-05-27 16:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-27 16:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 15:41 . 2010-05-27 16:00 8442 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696113728-3900944564-1100707938-1000_UserData.bin
+ 2010-05-27 16:04 . 2010-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-27 16:04 . 2010-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 15:24 . 2010-05-27 11:48 138916 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.scr=scr
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FD0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-27 18:18:42
ComboFix-quarantined-files.txt 2010-05-27 16:18
ComboFix2.txt 2010-05-26 17:23
ComboFix3.txt 2010-05-25 17:03

Pre-Run: 78,299,770,880 bytes free
Post-Run: 78,106,066,944 bytes free

- - End Of File - - 5486B8297DFBE83A9D3A0824F2CC452D
[ magna86 @ 27.05.2010. 21:06 ] @
There's nothing here... the PC is clean. Why are you getting a BSOD... well, either because of a badly installed driver (or a rootkit) or because of a faulty driver.
We checked for and removed the existing rootkits...

Here's what the minidump says.
Quote:

Crash Time : 5/27/2010 5:59:05 PM
Caused By Driver : halmacpi.dll
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System


The BSOD is most likely reporting an error with this code :S <-- I'm not 100% sure
Code:
0x0000000a 0x00000009 0x00000002 0x00000000 0x82ca5f95


Sorry, but this is no longer a security matter ;)

1. --> Uninstall AVZ like this

* Run AVZ
* Go to File >> Standard Scripts;
* A window will open. Select option 6 ( Execute Selected Scripts; ) and choose Yes
* You will get this notification: Script Executed;
* Exit the program and delete the folder that contains AVZ

.........................................

2. --> Uninstall Combofix

Go to Start >> Run
and copy in the following

Quote:
Combofix /Uninstall


OK. You will get a notification that Combofix has been uninstalled.

.........................................

3. --> Run DeFogger and go to Re-enable;
A message box will appear, on which you click Yes.
[ djerro @ 28.05.2010. 16:29 ] @
I don't understand why Combofix finds rootkit activity every time I run it. I don't know, I'll look into it a bit more over the weekend and try to find the problem. If I figure out what it is I'll post it here; if not, I'll reinstall the system. In any case, thanks for the help and your time... Regards!!!

[This message was edited by djerro on 30.05.2010. at 12:32 GMT+1]
[ magna86 @ 28.05.2010. 17:35 ] @
No way... every time?
At the beginning yes, of course, but now it shouldn't be reporting anything. Your PC is clean... and the logs are clean...

Anyway... let's do it this way...

Download OTL from this link to your Desktop
http://oldtimer.geekstogo.com/OTL.exe

Run it and click Run Scan
When it finishes it will open two logs (it will automatically save both to the Desktop)
Copy OTL.Txt here for me


And right after that, also run a scan with the Dr.Web Live CD.

First download Active@ ISO Burner to your Desktop.
The program will let you burn Dr.Web to a CD and make it bootable.
Just install the program; it works practically automatically.
You can read an explanation of how the program works at http://www.ntfs.com/iso_burner_free.htm

Download the Dr.Web image from this link:
http://www.freedrweb.com/livecd/

How-to (tutorial) --> read it
http://www.freedrweb.com/livecd/how_it_works/

Insert the CD into the infected computer.
Boot from the CD, update Dr.Web (if needed) and leave it to scan.
The scan can take up to 4 hours.


[ djerro @ 28.05.2010. 21:03 ] @
What can I tell you!? I read your post, deleted Combofix, downloaded a new version, ran it and: "Combofix has detected the presence of rootkit activity and needs to reboot the machine." Restart, scanning.... Log:

ComboFix 10-05-26.03 - Djerrro 05/28/2010 21:26:42.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1322 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-28 19:33 . 2010-05-28 19:34 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-28 15:13 . 2010-05-28 15:13 25957 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\Dropbox-200.8.64_337\Dropbox-200.8.64.exe
2010-05-27 19:30 . 2010-05-27 19:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Proxima Software
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-28 19:20 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-28 19:09 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-26 18:33 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-28 15:35 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER
2010-04-29 15:22 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-29 15:22 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 15:22 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 15:21 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 19:26 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-28 19:19 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-28 17:13 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-28 16:12 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-28 16:00 . 2010-04-28 11:36 -------- d-----w- c:\users\Djerrro\AppData\Roaming\skypePM
2010-05-28 15:17 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-28 15:05 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-16 20:22 . 2010-04-27 19:50 -------- d-----w- c:\users\Djerrro\AppData\Roaming\XnView
2010-05-16 18:07 . 2010-04-27 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\vlc
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:44 . 2010-04-28 17:23 -------- d-----w- c:\programdata\Apple Computer
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:58 . 2010-04-28 18:58 -------- d-----w- c:\programdata\Paragon
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\explauncher
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\launcher
2010-04-28 18:43 . 2010-04-28 18:43 25214 ----a-r- c:\users\Djerrro\AppData\Roaming\Thinstall\VB Decompiler Pro\%SystemRoot%\Installer\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-28 18:43 . 2010-04-28 18:43 -------- d-----w- c:\program files\Paragon Software
2010-04-28 18:03 . 2010-04-28 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WebcamMax
2010-04-28 17:58 . 2010-04-28 17:58 -------- d-----w- c:\programdata\FLEXnet
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 17:52 . 2010-04-28 17:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-28 17:51 . 2010-04-28 17:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 17:40 . 2010-04-28 17:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\inkscape
2010-04-28 17:38 . 2010-04-27 19:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HEXelon
2010-04-28 17:23 . 2010-04-28 17:23 -------- d-----w- c:\program files\QuickTime
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\programdata\Apple
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-28 11:54 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-04-27 19:59 . 2010-04-27 19:59 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\program files\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\program files\Common Files\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programdata\Nero
2010-04-27 18:44 . 2010-04-27 18:44 -------- d-----w- c:\program files\VideoLAN
2010-04-27 18:23 . 2010-04-27 18:23 -------- d-----w- c:\program files\PowerISO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FB0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-28 21:36:49
ComboFix-quarantined-files.txt 2010-05-28 19:36

Pre-Run: 77,003,878,400 bytes free
Post-Run: 76,954,554,368 bytes free

- - End Of File - - F3454EEC2CEE980D15221D52A1E03285

And here is the other log for you:


OTL logfile created on: 5/28/2010 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Djerrro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.30 Gb Total Space | 71.74 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 188.69 Gb Total Space | 91.46 Gb Free Space | 48.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJERRRO-PC
Current User Name: Djerrro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
PRC - [2010/05/15 00:00:00 | 002,370,712 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
PRC - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/04 17:39:21 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/08/22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/16 18:33:10 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/07/16 15:42:58 | 005,827,584 | ---- | M] () -- C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
MOD - [2009/11/30 20:14:36 | 001,514,264 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spCapBtn.dll
MOD - [2009/11/30 20:14:36 | 000,459,008 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spPCAct.dll
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/03/26 21:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\idmmkb.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/04/28 19:51:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/26 19:48:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/19 13:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 13:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/26 19:05:51 | 000,028,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/05 14:48:14 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/03/05 14:48:12 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/03/05 14:48:12 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/16 18:14:18 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/03 14:55:26 | 000,076,800 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\US4Vista.sys -- (US30Sys)
DRV - [2008/07/15 11:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/01/23 13:18:58 | 000,879,104 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/03/16 16:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2006/01/13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: translator@zoli.bod:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
FF - prefs.js..extensions.enabledItems: smileys@yourdomain.com:1.3.3
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.3
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.3.0


FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/05/17 18:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/24 18:27:35 | 000,000,000 | ---D | M]

[2010/05/16 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions
[2010/05/16 22:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/28 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/25 14:38:51 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/04/30 12:34:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/17 21:29:53 | 000,000,000 | ---D | M] (facebookchatbar) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2010/04/27 20:06:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/11 19:36:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\omiazad@msn.com
[2010/05/12 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\smarterwiki@wikiatic.com
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\smileys@yourdomain.com
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\tabscope@xuldev.org
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\translator@zoli.bod

O1 HOSTS File: ([2010/05/20 18:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [av
[ magna86 @ 29.05.2010. 21:48 ] @
1. The OTL log is not complete... attach the log to your post.

2. Open Notepad and copy the text below:

Quote:
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Click File\Save as and save the text as CFScript on the Desktop.
Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
This will start ComboFix; the system may restart (that is normal).
When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here.

Now let us know how things stand.

3... later, do this with Dr.Web

[This post was edited by magna86 on 30.05.2010. at 01:04 GMT+1]
[ djerro @ 30.05.2010. 11:27 ] @
Here is the log, I guess it is complete now:

OTL logfile created on: 5/28/2010 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Djerrro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.30 Gb Total Space | 71.74 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 188.69 Gb Total Space | 91.46 Gb Free Space | 48.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJERRRO-PC
Current User Name: Djerrro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
PRC - [2010/05/15 00:00:00 | 002,370,712 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
PRC - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/04 17:39:21 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/08/22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/16 18:33:10 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/07/16 15:42:58 | 005,827,584 | ---- | M] () -- C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
MOD - [2009/11/30 20:14:36 | 001,514,264 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spCapBtn.dll
MOD - [2009/11/30 20:14:36 | 000,459,008 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spPCAct.dll
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/03/26 21:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\idmmkb.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/04/28 19:51:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/26 19:48:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/19 13:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 13:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/26 19:05:51 | 000,028,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/05 14:48:14 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/03/05 14:48:12 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/03/05 14:48:12 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/16 18:14:18 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/03 14:55:26 | 000,076,800 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\US4Vista.sys -- (US30Sys)
DRV - [2008/07/15 11:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/01/23 13:18:58 | 000,879,104 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/03/16 16:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2006/01/13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: translator@zoli.bod:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
FF - prefs.js..extensions.enabledItems: smileys@yourdomain.com:1.3.3
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.3
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.3.0


FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/05/17 18:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/24 18:27:35 | 000,000,000 | ---D | M]

[2010/05/16 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions
[2010/05/16 22:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/28 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/25 14:38:51 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/04/30 12:34:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/17 21:29:53 | 000,000,000 | ---D | M] (facebookchatbar) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2010/04/27 20:06:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/11 19:36:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\omiazad@msn.com
[2010/05/12 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\smarterwiki@wikiatic.com
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\smileys@yourdomain.com
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\tabscope@xuldev.org
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\translator@zoli.bod

O1 HOSTS File: ([2010/05/20 18:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WindowsUpdate: DisableWindowsUpdateAccess = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet download manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet download manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet download manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/05/28 21:42:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
[2010/05/28 21:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/28 21:36:52 | 000,000,000 | ---D | C] -- C:\Users\Neso i Sanja\AppData\Local\temp
[2010/05/28 21:20:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/27 21:30:02 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Proxima Software
[2010/05/25 17:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/25 17:54:41 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\spybotSD
[2010/05/24 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\WinPatrol
[2010/05/23 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\TeraCopy
[2010/05/23 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/05/23 21:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/23 17:04:22 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\ABBYY
[2010/05/23 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 10
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\ABBYY
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010/05/23 15:43:56 | 000,000,000 | ---D | C] -- C:\Team17
[2010/05/22 19:29:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Ervin
[2010/05/22 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\ConvertXToDVD
[2010/05/22 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Personal Finances
[2010/05/22 09:48:44 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\EAST Technologies
[2010/05/22 09:47:28 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\East-Tec Eraser 2010
[2010/05/22 08:44:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Djerrro\AppData\Roaming\pcouffin.sys
[2010/05/22 08:41:09 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Scooter Software
[2010/05/21 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Vso
[2010/05/21 19:55:58 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\sigcheck.exe
[2010/05/20 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Alzex
[2010/05/20 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\USB_by_veto
[2010/05/20 18:11:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/20 18:11:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/20 18:11:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/20 18:11:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/19 18:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\complexbackup
[2010/05/19 18:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2010/05/19 18:15:07 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/19 18:15:07 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/19 18:15:07 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/19 18:14:58 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/19 18:14:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/19 18:14:49 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/19 18:14:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/19 18:13:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/05/19 04:30:36 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2010/05/18 21:27:58 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\CardRecovery
[2010/05/18 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Kaspersky Lab
[2010/05/18 20:08:33 | 000,000,000 | --SD | C] -- C:\Users\Djerrro\Documents\Passwords Database
[2010/05/18 20:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/17 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/17 17:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Flock
[2010/05/16 22:14:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Flock
[2010/05/16 22:14:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Flock
[2010/05/16 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\DriverGenius
[2010/05/16 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\PE Explorer
[2010/05/16 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\advancedmysqlinjenctioninjoomla
[2010/05/15 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Everstrike
[2010/05/15 22:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Shield 4.3
[2010/05/14 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Kurs za pc servisere
[2010/05/14 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Nadogradnja i popravka PC-ja
[2010/05/14 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\SeriousBit
[2010/05/14 17:51:48 | 000,116,736 | ---- | C] (bome.com) -- C:\Windows\System32\RestoratorContextMenu.dll
[2010/05/14 17:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Restorator 2009
[2010/05/13 21:01:11 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Snagit
[2010/05/13 21:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/13 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/13 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/13 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\TechSmith
[2010/05/13 19:02:27 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\assembly
[2010/05/13 18:22:34 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\TechSmith
[2010/05/13 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Outlook Files
[2010/05/12 21:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash
[2010/05/12 21:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Visual Watermark
[2010/05/10 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\ABIX
[2010/05/10 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\net limit
[2010/05/10 20:01:48 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\idmmbc.dll
[2010/05/10 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IDM
[2010/05/10 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Softvnn
[2010/05/10 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Internet download manager
[2010/05/10 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Password Generator Professional
[2010/05/09 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Office
[2010/05/09 21:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\FileZillaPortable
[2010/05/08 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\PgcEdit
[2010/05/08 22:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/05/08 21:58:35 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\BuildAGadget Content
[2010/05/08 00:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\BTMPro
[2010/05/06 20:39:10 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Souptoys
[2010/05/06 20:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Souptoys
[2010/05/05 21:06:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\RightClickFiles
[2010/05/05 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Runscanner.net
[2010/05/05 19:01:26 | 000,233,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DreamScene.dll
[2010/05/03 14:24:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Winamp
[2010/05/03 14:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/02 20:35:47 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\ElevatedDiagnostics
[2010/05/02 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Paint.NET
[2010/05/02 13:15:37 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/05/02 12:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Movie Maker 6.0
[2010/05/02 10:46:29 | 000,000,000 | ---D | C] -- C:\Windows\sr-Latn-CS
[2010/05/02 10:46:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2010/05/02 10:43:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\portcls.sys.mui
[2010/05/02 10:43:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\serscan.sys.mui
[2010/05/02 10:43:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\ataport.sys.mui
[2010/05/02 10:43:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\amdide.sys.mui
[2010/05/02 10:43:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\tcpip.sys.mui
[2010/05/02 10:43:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\scfilter.sys.mui
[2010/05/02 10:43:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2010/05/02 10:43:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\hidbth.sys.mui
[2010/05/02 10:43:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\BTHUSB.SYS.mui
[2010/05/02 10:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthenum.sys.mui
[2010/05/02 00:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/01 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Destkop
[2010/05/01 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\HateML
[2010/05/01 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\ArcticLine
[2010/05/01 15:46:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/01 15:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/01 15:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/01 15:29:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/01 15:29:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/01 15:29:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/01 15:29:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/01 15:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/01 11:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2010/05/01 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\SolSuite
[2010/04/30 22:09:39 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LMRTREND.dll
[2010/04/30 22:09:38 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\strmdll.dll
[2010/04/30 22:09:38 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft3.dll
[2010/04/30 22:09:38 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2010/04/30 22:09:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unam4ie.exe
[2010/04/30 22:09:36 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\danim.dll
[2010/04/30 22:09:36 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcut.dll
[2010/04/30 22:09:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz.drv
[2010/04/30 22:09:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010/04/30 22:09:36 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010/04/30 22:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2010/04/30 22:09:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/30 21:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/30 21:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/30 21:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/30 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Microsoft Help
[2010/04/30 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/30 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/30 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\PreEmptive Solutions
[2010/04/30 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Thinstall
[2010/04/30 19:46:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\translateclient
[2010/04/30 19:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Everything-1.2.1.451a
[2010/04/29 20:47:18 | 003,600,384 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/29 20:44:47 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IDMComp
[2010/04/29 20:31:53 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Trillian
[2010/04/29 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IcoFX
[2010/04/29 17:26:31 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\GHISLER
[2010/04/29 17:22:04 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[ djerro @ 30.05.2010. 11:34 ] @
[2010/04/29 17:22:04 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys

========== Files - Modified Within 30 Days ==========

[2010/05/28 21:47:34 | 003,407,872 | -HS- | M] () -- C:\Users\Djerrro\NTUSER.DAT
[2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
[2010/05/28 21:37:31 | 003,036,960 | -H-- | M] () -- C:\Users\Djerrro\AppData\Local\IconCache.db
[2010/05/28 21:34:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/28 21:33:14 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 21:33:14 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 21:25:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/28 21:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/28 21:25:42 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 20:28:40 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2010/05/27 17:58:47 | 197,426,837 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/27 17:18:22 | 000,050,477 | ---- | M] () -- C:\Users\Djerrro\Desktop\Defogger.exe
[2010/05/26 19:05:51 | 000,028,520 | ---- | M] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/25 20:37:11 | 008,066,605 | ---- | M] () -- C:\Users\Djerrro\Desktop\Runalyz-1.6.1.24.exe
[2010/05/25 19:15:58 | 000,002,973 | ---- | M] () -- C:\Users\Djerrro\Desktop\HiJackThis.lnk
[2010/05/23 16:29:39 | 000,722,040 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/23 16:29:39 | 000,620,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/23 16:29:39 | 000,105,550 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/23 01:04:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/22 20:54:18 | 000,000,031 | ---- | M] () -- C:\Windows\RHWDWIN.INI
[2010/05/22 19:32:16 | 002,334,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 14:55:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Djerrro\AppData\Roaming\pcouffin.sys
[2010/05/22 14:55:39 | 000,007,887 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.cat
[2010/05/22 14:55:39 | 000,001,144 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.inf
[2010/05/22 13:07:21 | 000,001,189 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\vso_ts_preview.xml
[2010/05/22 11:57:07 | 005,146,166 | ---- | M] () -- C:\Users\Djerrro\Desktop\Personal Finances Pro.exe
[2010/05/20 19:35:38 | 000,000,811 | ---- | M] () -- C:\Windows\win.ini
[2010/05/20 19:19:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/20 18:29:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/19 18:15:07 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/19 18:15:07 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/19 18:15:07 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/19 18:14:58 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/19 18:14:58 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/19 18:14:49 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/19 18:14:49 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/18 20:08:28 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
[2010/05/16 12:20:05 | 002,034,872 | ---- | M] () -- C:\Users\Djerrro\Desktop\Xyplorer.sfx.exe
[2010/05/15 10:01:44 | 000,008,704 | ---- | M] () -- C:\Users\Djerrro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 19:31:40 | 000,000,218 | ---- | M] () -- C:\Users\Djerrro\.recently-used.xbel
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/08 22:07:05 | 000,001,053 | ---- | M] () -- C:\Users\Djerrro\Desktop\Trillian.lnk
[2010/05/08 14:14:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/08 11:09:14 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/05 19:07:09 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2010/05/05 19:07:09 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2010/05/05 19:01:26 | 000,233,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DreamScene.dll
[2010/05/01 15:29:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/01 15:29:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/01 15:29:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/01 15:29:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/01 12:24:53 | 000,000,083 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/30 23:11:56 | 000,000,000 | ---- | M] () -- C:\Windows\LiveBilliards,2.INI
[2010/04/30 23:10:33 | 000,000,000 | ---- | M] () -- C:\Windows\LiveBilliards,1.INI
[2010/04/30 22:09:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010/04/30 22:09:35 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010/04/30 21:51:01 | 000,108,824 | ---- | M] () -- C:\Users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 19:40:51 | 000,001,620 | ---- | M] () -- C:\Users\Djerrro\Desktop\Portabl.lnk
[2010/04/29 20:47:18 | 003,600,384 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/27 17:18:21 | 000,050,477 | ---- | C] () -- C:\Users\Djerrro\Desktop\Defogger.exe
[2010/05/25 20:37:05 | 008,066,605 | ---- | C] () -- C:\Users\Djerrro\Desktop\Runalyz-1.6.1.24.exe
[2010/05/25 19:15:58 | 000,002,973 | ---- | C] () -- C:\Users\Djerrro\Desktop\HiJackThis.lnk
[2010/05/25 18:47:22 | 197,426,837 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/23 15:54:54 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/05/22 19:31:58 | 002,334,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 11:46:48 | 005,146,166 | ---- | C] () -- C:\Users\Djerrro\Desktop\Personal Finances Pro.exe
[2010/05/22 08:45:32 | 000,000,033 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.log
[2010/05/22 08:44:57 | 000,007,887 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.cat
[2010/05/22 08:44:57 | 000,001,144 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.inf
[2010/05/21 22:57:39 | 000,001,189 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\vso_ts_preview.xml
[2010/05/20 19:19:10 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/20 18:11:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/20 18:11:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/20 18:11:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/20 18:11:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/20 18:11:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/18 20:08:28 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
[2010/05/16 12:20:03 | 002,034,872 | ---- | C] () -- C:\Users\Djerrro\Desktop\Xyplorer.sfx.exe
[2010/05/12 19:31:40 | 000,000,218 | ---- | C] () -- C:\Users\Djerrro\.recently-used.xbel
[2010/05/08 22:07:05 | 000,001,053 | ---- | C] () -- C:\Users\Djerrro\Desktop\Trillian.lnk
[2010/05/08 14:14:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/07 22:57:06 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/05 19:01:26 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg
[2010/05/05 19:01:26 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg
[2010/05/01 12:24:53 | 000,000,083 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/30 23:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards,2.INI
[2010/04/30 23:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards,1.INI
[2010/04/30 22:09:36 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/04/30 22:09:36 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2010/04/29 16:32:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/28 20:02:36 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010/04/27 22:36:43 | 000,000,031 | ---- | C] () -- C:\Windows\RHWDWIN.INI
[2010/04/27 10:45:45 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/04/26 21:25:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2010/04/26 20:22:26 | 000,002,716 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/26 17:40:55 | 000,028,520 | ---- | C] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/02 10:38:16 | 000,009,792 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:C97C8631
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B3D74A13
< End of report >
[ djerro @ 30.05.2010. 11:37 ] @
I'm having problems with Dr.Web. I'll download it again, but I've used up my internet quota for this month, so I'll do that too starting Tuesday. Here is the ComboFix log:

ComboFix 10-05-26.03 - Djerrro 05/30/2010 12:09:20.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1300 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
Command switches used :: c:\users\Djerrro\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\w32dasm8.ini

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-29 20:30 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-29 20:30 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-29 20:30 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-29 20:29 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-29 20:29 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-29 17:56 . 2010-05-29 18:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\GHISLER
2010-05-29 14:06 . 2010-05-29 14:06 -------- d-----w- c:\programdata\Network LookOut Administrator Pro
2010-05-29 10:16 . 2010-05-29 10:16 10220 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\pure9.0.0.192en_340\pure9.0.0.192en.exe
2010-05-29 09:59 . 2010-05-29 10:01 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TheWorld
2010-05-29 09:53 . 2010-05-29 09:53 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SystemTools
2010-05-28 15:13 . 2010-05-28 15:13 25957 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\Dropbox-200.8.64_337\Dropbox-200.8.64.exe
2010-05-27 19:30 . 2010-05-27 19:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Proxima Software
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-30 09:58 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-30 09:50 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-29 13:15 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-29 13:47 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-29 20:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-29 09:08 -------- d-----w- c:\program files\Everything-1.2.1.451a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 10:08 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-30 09:58 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-30 09:21 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-29 20:22 . 2010-04-27 19:58 -------- d-----w- c:\program files\Nero
2010-05-29 18:56 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-29 13:06 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-05-29 12:51 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-29 12:49 . 2010-04-28 11:36 -------- d-----w- c:\users\Djerrro\AppData\Roaming\skypePM
2010-05-29 12:41 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-16 20:22 . 2010-04-27 19:50 -------- d-----w- c:\users\Djerrro\AppData\Roaming\XnView
2010-05-16 18:07 . 2010-04-27 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\vlc
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-08 09:46 . 2010-04-29 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 13:42 . 2010-04-29 18:31 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:44 . 2010-04-28 17:23 -------- d-----w- c:\programdata\Apple Computer
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:07 . 2010-04-29 18:06 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:38 . 2010-04-28 19:38 -------- d-----w- c:\programdata\wipe
2010-04-28 18:58 . 2010-04-28 18:58 -------- d-----w- c:\programdata\Paragon
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\explauncher
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\launcher
2010-04-28 18:43 . 2010-04-28 18:43 25214 ----a-r- c:\users\Djerrro\AppData\Roaming\Thinstall\VB Decompiler Pro\%SystemRoot%\Installer\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-28 18:43 . 2010-04-28 18:43 -------- d-----w- c:\program files\Paragon Software
2010-04-28 18:03 . 2010-04-28 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WebcamMax
2010-04-28 17:58 . 2010-04-28 17:58 -------- d-----w- c:\programdata\FLEXnet
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 17:52 . 2010-04-28 17:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-28 17:51 . 2010-04-28 17:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 17:40 . 2010-04-28 17:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\inkscape
2010-04-28 17:38 . 2010-04-27 19:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HEXelon
2010-04-28 17:23 . 2010-04-28 17:23 -------- d-----w- c:\program files\QuickTime
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\programdata\Apple
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-27 19:59 . 2010-04-27 19:59 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Nero
2010-04-27 18:44 . 2010-04-27 18:44 -------- d-----w- c:\program files\VideoLAN
2010-04-27 18:23 . 2010-04-27 18:23 -------- d-----w- c:\program files\PowerISO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FD1D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-30 12:19:40
ComboFix-quarantined-files.txt 2010-05-30 10:19

Pre-Run: 59,301,986,304 bytes free
Post-Run: 61,786,890,240 bytes free

- - End Of File - - 1B619D40CE0A443B4C213D0EF7E713EC
[ djerro @ 30.05.2010. 11:44 ] @
I forgot to say that the computer works the same.
[ magna86 @ 31.05.2010. 16:30 ] @
I meant for you to attach the logs to the post so that the thread would be easier to read.
Anyway... as I already said, there is no active malware here. We just wasted time...

Uninstall Combofix and AVZ following the instructions in my post.
That's it.