Please check my PC

offline
  • Mrky77  Male
  • New MyCity citizen
  • Joined: 19 Aug 2009
  • Posts: 3
  • Location: Belgrade

svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
svchost.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Goran\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: raiffeisenbank.rs\rol
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\goran\applic~1\mozilla\firefox\profiles\wpbyqt3m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\documents and settings\goran\application data\mozilla\firefox\profiles\wpbyqt3m.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\documents and settings\goran\application data\mozilla\firefox\profiles\wpbyqt3m.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\goran\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\goran\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [2009-8-6 15872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S4 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]

=============== Created Last 30 ================

2009-08-20 12:15 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-19 19:53 153,102 a------- c:\windows\Magic Ball 2 Uninstaller.exe
2009-08-19 02:33 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-19 01:44 3,662 a------- c:\windows\system32\tmp.reg
2009-08-18 23:47 <DIR> --d----- c:\program files\Trend Micro
2009-08-18 19:06 <DIR> --d----- c:\docume~1\goran\applic~1\Activision
2009-08-18 18:38 422,086 a------- C:\AnalysisLog.sr0
2009-08-18 18:26 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-08-18 18:26 <DIR> --d----- c:\windows\Logs
2009-08-18 18:15 <DIR> --dsh--- c:\windows\ftpcache
2009-08-15 23:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 23:42 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 23:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 23:23 <DIR> --d----- c:\program files\MSSOAP
2009-08-14 23:21 164 a------- c:\windows\install.dat
2009-08-14 13:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-14 01:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-14 01:51 <DIR> --d----- c:\docume~1\goran\applic~1\SUPERAntiSpyware.com
2009-08-14 01:06 <DIR> --d----- c:\docume~1\goran\applic~1\Comodo
2009-08-14 00:44 120 a------- c:\windows\CIS_Setup_3.10.102363.531_XP_Vista_x32.INI
2009-08-13 22:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Systweak
2009-08-13 21:24 <DIR> --d----- c:\docume~1\goran\applic~1\Systweak
2009-08-12 22:29 <DIR> --d----- c:\program files\LastPass
2009-08-12 21:44 11,904 a------- c:\windows\system32\drivers\hitmanpro35.sys
2009-08-12 21:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro
2009-08-12 21:43 <DIR> --d----- c:\program files\Hitman Pro 3.5
2009-08-11 18:43 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-11 18:43 153,088 a------- c:\windows\system32\unrar3.dll
2009-08-11 18:43 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-11 18:43 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-11 18:43 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-11 18:42 <DIR> --d----- c:\docume~1\goran\applic~1\Simply Super Software
2009-08-11 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-08-11 18:19 <DIR> --d----- c:\windows\$regcmp$
2009-08-11 18:16 <DIR> --d----- c:\program files\SmartPCTools
2009-08-11 13:08 <DIR> --d----- c:\docume~1\goran\applic~1\GetRightToGo
2009-08-10 22:50 <DIR> --d----- c:\docume~1\goran\applic~1\Feedreader
2009-08-08 16:49 <DIR> --d----- c:\program files\YouTube Downloader
2009-08-07 22:33 <DIR> --d----- c:\program files\FreeTime
2009-08-07 22:11 <DIR> --d----- c:\program files\mp3DirectCut
2009-08-06 23:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autorun Eater
2009-08-06 23:46 27 a------- c:\windows\hlistHMFAxCore56d706f6725c732df006697fd5ec3381
2009-08-06 23:46 0 a------- c:\windows\wlistHMFAxCore56d706f6725c732df006697fd5ec3381
2009-08-06 23:46 15,872 a------- c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys
2009-08-06 23:46 66 a------- c:\windows\hcs.dat
2009-08-06 23:46 692,224 a------- c:\windows\system32\hsys30.dll
2009-08-06 23:46 11,776 a------- c:\windows\system32\reghmf.exe
2009-08-06 23:46 <DIR> --d----- c:\program files\HFolders
2009-08-06 16:51 5,184,054 a---h--- c:\windows\system32\toyhide.bmp
2009-08-05 23:47 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 01:35 <DIR> --d----- c:\docume~1\goran\applic~1\GrabPro
2009-08-03 22:24 <DIR> --d----- C:\Downloads
2009-07-27 23:52 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-27 23:45 <DIR> --d----- c:\windows\Internet Logs
2009-07-26 00:38 <DIR> --d----- c:\docume~1\goran\applic~1\WeatherWatcherLive
2009-07-26 00:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2BrightSparks
2009-07-24 16:22 36 a------- c:\windows\mafosav.INI
2009-07-24 13:44 <DIR> --d----- c:\docume~1\goran\applic~1\IObit
2009-07-23 00:50 <DIR> --d----- c:\program files\GRETECH
2009-07-22 23:23 <DIR> --d----- c:\docume~1\goran\applic~1\AVS4YOU
2009-07-22 23:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-22 23:21 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-22 23:20 974,848 a------- c:\windows\system32\mfc70.dll
2009-07-22 23:20 487,424 a------- c:\windows\system32\msvcp70.dll
2009-07-22 23:20 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-07-22 23:20 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-22 23:20 <DIR> --d----- c:\program files\AVS4YOU
2009-07-22 17:05 <DIR> --d----- c:\program files\Triptych
2009-07-22 17:04 <DIR> --d----- c:\program files\ReflexiveArcade
2009-07-22 12:03 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-07-21 22:44 344,064 a------- c:\windows\system32\msvcr70.dll

==================== Find3M ====================

2009-07-25 16:30 286,720 -------- c:\windows\Setup1.exe
2009-07-18 00:12 73,216 -------- c:\windows\ST6UNST.EXE
2009-07-17 13:51 118,784 a------- c:\windows\web\wallpaper\Living Beaches Wallpaper #2.exe
2009-07-17 13:33 118,784 a------- c:\windows\web\wallpaper\living beaches wallpaper #2 dir\uninstall.exe
2009-07-17 13:27 352,256 a------- c:\windows\system32\IJL15.dll
2009-07-17 13:27 94,208 a------- c:\windows\system32\ScrUnZip.dll
2009-07-17 12:28 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-07-08 23:52 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-05 01:06 4,096 a------- c:\windows\d3dx.dat
2009-07-04 02:32 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-01 02:25 3,001 a--sh--- c:\documents and settings\goran\ppUser.dat
2009-06-29 15:52 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-29 15:52 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-29 15:00 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2006-09-16 00:17 3,477,504 a------- c:\program files\FoxitReader2.0Beta.exe

============= FINISH: 12:30:43.73 ===============


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello and welcome to the forum :)

Download sUBs' ComboFix from the following address to your Desktop:

  Bleeping Computer
  Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
  • disable your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • restart Windows if necessary (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix created into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the post.

offline
  • Mrky77  Male
  • New MyCity citizen
  • Joined: 19 Aug 2009
  • Posts: 3
  • Location: Belgrade

ComboFix 09-08-19.0C - Goran 08/20/2009 17:14.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2406 [GMT 2:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 11:30 . 2009-08-20 11:30 -------- d-----w- c:\program files\ESET
2009-08-20 10:15 . 2009-08-20 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 17:53 . 2009-08-19 17:53 153102 ----a-w- c:\windows\Magic Ball 2 Uninstaller.exe
2009-08-18 21:47 . 2009-08-18 21:47 -------- d-----w- c:\program files\Trend Micro
2009-08-18 17:06 . 2009-08-18 17:06 -------- d-----w- c:\documents and settings\Goran\Application Data\Activision
2009-08-18 16:26 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-08-18 16:26 . 2009-08-18 16:26 -------- d-----w- c:\windows\Logs
2009-08-18 16:15 . 2009-08-18 16:15 -------- d-sh--w- c:\windows\ftpcache
2009-08-15 21:42 . 2009-08-15 21:42 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-15 21:42 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 21:42 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 21:42 . 2009-08-18 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 21:23 . 2009-08-14 21:23 -------- d-----w- c:\program files\MSSOAP
2009-08-14 21:21 . 2009-08-14 21:21 164 ----a-w- c:\windows\install.dat
2009-08-14 20:49 . 2009-07-30 14:28 329216 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\wpbyqt3m.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\WINNT_x86-msvc\components\libheuristic.dll
2009-08-14 15:04 . 2009-08-14 15:04 239088 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-08-14 11:29 . 2009-08-14 11:29 -------- d-----w- c:\program files\Java
2009-08-13 23:51 . 2009-08-13 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-13 23:51 . 2009-08-18 20:49 -------- d-----w- c:\documents and settings\Goran\Application Data\SUPERAntiSpyware.com
2009-08-13 23:06 . 2009-08-13 23:40 -------- d-----w- c:\documents and settings\Goran\Application Data\Comodo
2009-08-13 20:47 . 2009-08-13 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2009-08-13 20:41 . 2009-08-13 20:47 30996544 ----a-w- c:\documents and settings\Goran\Application Data\Systweak\ASO 2\UpdateASPnew.exe
2009-08-13 19:24 . 2009-08-13 21:33 -------- d-----w- c:\documents and settings\Goran\Application Data\Systweak
2009-08-12 20:29 . 2009-08-18 16:30 -------- d-----w- c:\program files\LastPass
2009-08-12 20:24 . 2009-08-12 20:29 575488 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\wpbyqt3m.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-08-12 20:17 . 2009-08-20 15:02 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\LastPass
2009-08-12 19:44 . 2009-08-12 19:44 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-08-11 16:43 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-11 16:43 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-11 16:43 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-11 16:43 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-11 16:43 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-11 16:42 . 2009-08-11 16:43 -------- d-----w- c:\documents and settings\Goran\Application Data\Simply Super Software
2009-08-11 16:42 . 2009-08-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-11 16:19 . 2009-08-11 16:20 -------- d-----w- c:\windows\$regcmp$
2009-08-11 16:16 . 2009-08-11 16:16 -------- d-----w- c:\program files\SmartPCTools
2009-08-11 11:08 . 2009-08-11 11:09 -------- d-----w- c:\documents and settings\Goran\Application Data\GetRightToGo
2009-08-10 22:26 . 2009-08-10 22:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-10 22:25 . 2009-08-10 22:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-10 20:50 . 2009-08-10 20:53 -------- d-----w- c:\documents and settings\Goran\Application Data\Feedreader
2009-08-08 23:09 . 2009-08-08 23:09 -------- d-----w- c:\windows\Sun
2009-08-08 14:49 . 2009-08-18 16:31 -------- d-----w- c:\program files\YouTube Downloader
2009-08-07 20:33 . 2009-08-07 20:33 -------- d-----w- c:\program files\FreeTime
2009-08-07 20:11 . 2009-08-07 20:12 -------- d-----w- c:\program files\mp3DirectCut
2009-08-07 18:47 . 2009-08-07 18:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-06 21:53 . 2009-08-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2009-08-06 21:46 . 2009-08-06 21:48 66 ----a-w- c:\windows\hcs.dat
2009-08-06 21:46 . 2009-08-06 21:46 15872 ----a-w- c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys
2009-08-06 21:46 . 2007-02-12 15:55 692224 ----a-w- c:\windows\system32\hsys30.dll
2009-08-06 21:46 . 2004-08-03 23:56 11776 ----a-w- c:\windows\system32\reghmf.exe
2009-08-06 21:46 . 2009-08-06 21:46 -------- d-----w- c:\program files\HFolders
2009-08-05 21:47 . 2009-08-14 11:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 21:46 . 2009-08-05 21:46 152576 ----a-w- c:\documents and settings\Goran\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 23:35 . 2009-08-04 23:35 -------- d-----w- c:\documents and settings\Goran\Application Data\GrabPro
2009-08-04 23:34 . 2009-08-04 23:42 -------- d-----w- c:\documents and settings\Goran\Application Data\Orbit
2009-08-03 20:37 . 2009-08-03 20:48 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\Deployment
2009-08-03 20:24 . 2009-08-03 20:24 -------- d-----w- C:\Downloads
2009-07-28 08:54 . 2009-08-06 10:06 -------- d-----w- c:\documents and settings\Goran\Application Data\Canon
2009-07-27 21:52 . 2009-08-14 10:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-07-27 21:45 . 2009-08-20 10:11 -------- d-----w- c:\windows\Internet Logs
2009-07-25 22:38 . 2009-07-25 22:38 -------- d-----w- c:\documents and settings\Goran\Application Data\WeatherWatcherLive
2009-07-25 22:15 . 2009-07-25 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\2BrightSparks
2009-07-25 00:16 . 2009-07-25 00:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-25 00:01 . 2009-07-25 00:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-25 00:00 . 2009-08-19 01:13 -------- d-----w- c:\program files\Google
2009-07-25 00:00 . 2009-08-11 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-24 11:44 . 2009-07-24 11:44 -------- d-----w- c:\documents and settings\Goran\Application Data\IObit
2009-07-22 22:51 . 2009-07-22 22:51 -------- d-----w- c:\documents and settings\Goran\Application Data\GRETECH
2009-07-22 22:50 . 2009-07-22 22:50 -------- d-----w- c:\program files\GRETECH
2009-07-22 21:23 . 2009-07-22 21:23 -------- d-----w- c:\documents and settings\Goran\Application Data\AVS4YOU
2009-07-22 21:23 . 2009-07-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-22 21:21 . 2009-07-22 21:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-22 21:21 . 2009-07-22 21:21 -------- d-----w- c:\windows\system32\drivers\umdf
2009-07-22 21:20 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-22 21:20 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-22 21:20 . 2009-07-22 21:24 -------- d-----w- c:\program files\AVS4YOU
2009-07-22 21:20 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-07-22 21:20 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-22 15:05 . 2009-07-22 15:06 -------- d-----w- c:\program files\Triptych
2009-07-22 15:04 . 2009-07-22 15:04 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-22 10:03 . 2009-08-08 14:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-21 20:44 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 14:42 . 2009-07-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 00:31 . 2009-07-18 21:04 -------- d-----w- c:\documents and settings\Goran\Application Data\uTorrent
2009-08-18 20:15 . 2009-06-29 13:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 16:31 . 2009-06-29 13:29 -------- d-----w- c:\program files\Mv2Player
2009-08-11 16:26 . 2009-07-04 23:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-09 09:27 . 2009-08-09 09:27 1063390 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-06 10:20 . 2009-07-01 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Contrast
2009-08-06 10:20 . 2009-07-01 00:18 -------- d-----w- c:\program files\Contrast
2009-07-25 14:30 . 2009-07-17 22:12 286720 ------w- c:\windows\Setup1.exe
2009-07-21 11:24 . 2009-07-21 11:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-21 11:23 . 2009-07-21 11:24 38208 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-19 00:45 . 2009-06-29 13:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-19 00:29 . 2009-07-18 23:34 -------- d-----w- c:\program files\Everstrike Software
2009-07-18 23:34 . 2009-07-18 23:34 -------- d-----w- c:\program files\Common Files\Everstrike Software
2009-07-18 23:33 . 2009-07-18 23:21 -------- d-----w- c:\program files\ElcomSoft
2009-07-18 23:17 . 2009-07-18 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-07-17 22:12 . 2009-07-17 22:12 73216 ------w- c:\windows\ST6UNST.EXE
2009-07-17 11:51 . 2009-07-17 11:51 118784 ----a-w- c:\windows\Web\Wallpaper\Living Beaches Wallpaper #2.exe
2009-07-17 11:33 . 2009-07-17 11:33 118784 ----a-w- c:\windows\Web\Wallpaper\Living Beaches Wallpaper #2 dir\uninstall.exe
2009-07-17 11:32 . 2009-07-17 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-07-17 11:27 . 2009-07-17 11:27 352256 ----a-w- c:\windows\system32\IJL15.dll
2009-07-17 11:27 . 2009-07-17 11:27 94208 ----a-w- c:\windows\system32\ScrUnZip.dll
2009-07-17 10:28 . 2009-07-17 10:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-17 00:10 . 2009-07-16 23:57 -------- d-----w- c:\documents and settings\Goran\Application Data\WeatherWatcher
2009-07-16 22:03 . 2009-06-29 15:17 -------- d-----w- c:\documents and settings\Goran\Application Data\Winamp
2009-07-11 19:39 . 2009-06-29 21:44 -------- d-----w- c:\program files\Windows Live
2009-07-09 15:34 . 2009-07-09 15:32 -------- d-----w- c:\documents and settings\Goran\Application Data\Wildfire
2009-07-08 22:07 . 2009-07-08 22:07 -------- d-----w- c:\documents and settings\Goran\Application Data\AccurateRip
2009-07-08 22:07 . 2009-07-08 22:07 -------- d-----w- c:\program files\Illustrate
2009-07-08 21:52 . 2009-07-08 22:07 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-07 22:00 . 2009-06-29 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-07 20:05 . 2009-06-29 19:53 -------- d-----w- c:\documents and settings\Goran\Application Data\Skype
2009-07-07 20:04 . 2009-06-29 19:53 -------- d-----w- c:\program files\Skype
2009-07-07 19:27 . 2009-06-29 19:57 -------- d-----w- c:\documents and settings\Goran\Application Data\skypePM
2009-07-06 09:25 . 2009-07-06 09:25 -------- d-----w- c:\documents and settings\Goran\Application Data\Media Player Classic
2009-07-05 22:48 . 2009-07-05 22:48 -------- d-----w- c:\documents and settings\Goran\Application Data\Susteen
2009-07-05 22:33 . 2009-07-05 22:33 -------- d-----w- c:\documents and settings\Goran\Application Data\SDI
2009-07-05 22:15 . 2009-07-05 22:15 1915520 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-05 14:42 . 2009-07-05 14:42 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-05 14:40 . 2009-07-05 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 14:39 . 2009-07-05 14:39 -------- d-----w- c:\program files\OLYMPUS
2009-07-05 14:39 . 2009-07-05 14:39 -------- d-----w- c:\program files\MSXML 4.0
2009-07-05 00:53 . 2009-07-05 00:53 -------- d-----w- c:\documents and settings\Goran\Application Data\Apple Computer
2009-07-05 00:51 . 2009-07-05 00:51 -------- d-----w- c:\program files\QuickTime
2009-07-05 00:51 . 2009-07-05 00:51 -------- d-----w- c:\program files\Apple Software Update
2009-07-05 00:51 . 2009-07-05 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-04 23:41 . 2009-07-04 23:41 -------- d-----w- c:\documents and settings\Goran\Application Data\URSoft
2009-07-04 23:06 . 2009-07-04 23:06 4096 ----a-w- c:\windows\d3dx.dat
2009-07-04 01:31 . 2009-06-29 15:17 -------- d-----w- c:\program files\Winamp
2009-07-04 00:32 . 2009-06-29 13:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 14:29 . 2009-07-01 14:29 -------- d-----w- c:\program files\Common Files\snp2std
2009-07-01 00:29 . 2009-07-01 00:18 -------- d-----w- c:\documents and settings\Goran\Application Data\Contrast
2009-07-01 00:25 . 2009-07-01 00:18 3001 --sha-w- c:\documents and settings\Goran\ppUser.dat
2009-07-01 00:06 . 2009-07-01 00:06 -------- d-----w- c:\program files\Canon
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\CONTACT
2009-06-30 23:04 . 2009-06-30 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-30 22:30 . 2009-06-30 22:30 -------- d-----w- c:\program files\IVT Corporation
2009-06-29 23:57 . 2009-06-29 23:57 -------- d-----w- c:\program files\Unlocker
2009-06-29 22:06 . 2009-06-29 22:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-29 21:44 . 2009-06-29 21:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-29 21:40 . 2009-06-29 21:40 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-29 19:57 . 2009-06-29 19:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-29 19:53 . 2009-06-29 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-29 19:53 . 2009-06-29 19:53 -------- d-----w- c:\program files\Common Files\Skype
2009-06-29 14:26 . 2009-06-29 14:26 -------- d-----w- c:\program files\Rainlendar2
2009-06-29 14:19 . 2009-06-29 14:19 -------- d-----w- c:\program files\CCleaner
2009-06-29 14:14 . 2009-06-29 14:14 -------- d-----w- c:\program files\Microsoft
2009-06-29 13:57 . 2009-06-29 13:06 68848 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 13:53 . 2009-06-29 13:53 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-29 13:52 . 2009-06-29 13:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-29 13:52 . 2009-06-29 13:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-29 13:51 . 2009-06-29 13:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-06-29 13:48 . 2009-06-29 13:48 -------- d-----w- c:\program files\MSXML 6.0
2009-06-29 13:46 . 2009-06-29 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-29 13:35 . 2009-06-29 13:35 -------- d-----w- c:\program files\DVD Decrypter
2009-06-29 13:31 . 2009-06-29 13:31 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-29 13:31 . 2009-06-29 13:31 -------- d-----w- c:\program files\Ahead
2009-06-29 13:29 . 2009-06-29 13:29 0 ----a-w- c:\windows\nsreg.dat
2009-06-29 13:28 . 2009-06-29 13:28 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\MSBuild
2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\Microsoft.NET
2009-06-29 13:23 . 2009-06-29 13:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-29 13:20 . 2009-06-29 13:20 -------- d-----w- c:\documents and settings\Goran\Application Data\ATI
2009-06-29 13:20 . 2009-06-29 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-29 13:20 . 2009-06-29 13:20 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-29 13:19 . 2009-06-29 13:16 -------- d-----w- c:\program files\ATI Technologies
2009-06-29 13:18 . 2009-06-29 13:18 9158 ----a-r- c:\documents and settings\Goran\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-06-29 13:18 . 2009-06-29 13:18 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-29 13:09 . 2009-06-29 13:09 -------- d-----w- c:\program files\Realtek
2009-06-29 13:08 . 2009-06-29 13:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-29 13:03 . 2009-06-29 13:03 -------- d-----w- c:\program files\microsoft frontpage
2009-06-29 13:00 . 2009-06-29 13:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2006-09-15 22:17 . 2009-06-29 13:29 3477504 ----a-w- c:\program files\FoxitReader2.0Beta.exe
.

------- Sigcheck -------

[-] 2007-11-28 18:48 1580544 6E266AAF4168B3569A330C61AB01F6B4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32\0SsiEfr.exe\0SsiEfr.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [8/6/2009 11:46 PM 15872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [10/31/2008 8:52 PM 93184]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S4 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1500820517-839522115-1003Core.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 14:53]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1500820517-839522115-1003UA.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 14:53]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: raiffeisenbank.rs\rol
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\wpbyqt3m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\wpbyqt3m.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\wpbyqt3m.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\Goran\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-20 17:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,0f,c9,3a,63,2e,01,4e,86,62,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,0f,c9,3a,63,2e,01,4e,86,62,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-08-20 17:17
ComboFix-quarantined-files.txt 2009-08-20 15:17

Pre-Run: 32,078,282,752 bytes free
Post-Run: 32,047,087,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

360 --- E O F --- 2009-07-04 12:24

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@Mrky77
Hi, since diarno is currently away, I will continue.
Everything here now seems to be in order; all that remains is to uninstall ComboFix, as follows:

Click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Mrky77  Male
  • New MyCity citizen
  • Joined: 19 Aug 2009
  • Posts: 3
  • Location: Beograd

Thanks a lot ...
