lsass.exe

  • Joined: 11 Sep 2007
  • Posts: 3271

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:35, on 1.6.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
c:\Win\lsass.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Zarko\Desktop\HiJackThis folder\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: desktop.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{62DEC95B-3E84-46DF-943D-B571E15D2E11}: NameServer = 62.240.12.1 62.240.12.2
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6318 bytes

What should I do? :)

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote:
What should I do?

Just lean back in your armchair and enjoy :D

Download sUBs's ComboFix to your Desktop from one of the following addresses:

  • Bleeping Computer
  • Geeks to Go!

Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • close any running programs;
  • deactivate your security software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes so that the process continues.
  • if Recovery Console is not installed, offer to install it:
      accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 11 Sep 2007
  • Posts: 3271

Posted: 01 Jun 2009 22:18

ComboFix 09-05-31.06 - Zarko 01.06.2009 20:57.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.381.1033.18.3326.2217 [GMT 2:00]
Running from: c:\users\Zarko\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\win\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 19:00 . 2009-06-01 19:00 -------- d-----w- c:\users\Zarko\AppData\Local\temp
2009-06-01 13:33 . 2009-06-01 13:44 -------- d-----w- c:\users\Zarko\AppData\Roaming\Apple Computer
2009-06-01 13:33 . 2009-06-01 13:33 -------- d-----w- c:\users\Zarko\AppData\Local\Apple Computer
2009-06-01 13:32 . 2009-06-01 13:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 13:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 13:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iPod
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iTunes
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\Bonjour
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\QuickTime
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\programdata\Apple Computer
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\users\Zarko\AppData\Local\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\programdata\Apple
2009-05-31 17:43 . 2008-12-19 13:35 228692 ----a-w- c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
2009-05-31 17:43 . 2009-06-01 18:57 -------- d-sh--r- C:\Win
2009-05-29 12:11 . 2009-05-29 12:11 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Acronis
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-29 11:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 23:46 . 2009-05-28 23:47 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Games
2009-05-28 23:46 . 2009-05-28 23:46 -------- d-----w- c:\users\Zarko\AppData\Local\Scansoft
2009-05-28 23:36 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-28 23:36 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-28 22:12 . 2009-05-28 22:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:47 . 2009-05-28 19:47 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-28 19:45 . 2009-05-28 19:49 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-05-28 19:42 . 2008-05-16 03:51 -------- d-----w- C:\FR90PE_VOL
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\InstallShield
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\users\Zarko\AppData\Roaming\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-28 11:03 . 2009-05-28 11:03 -------- d-----w- c:\program files\ScanSoft
2009-05-27 23:54 . 2009-05-27 23:55 -------- d-----w- c:\windows\system32\ca-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\eu-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\vi-VN
2009-05-27 23:52 . 2009-05-27 23:52 -------- d-----w- c:\windows\system32\SPReview
2009-05-27 23:44 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-05-27 23:42 . 2009-04-10 21:28 469504 ----a-w- c:\windows\system32\newdev.dll
2009-05-27 23:40 . 2009-05-27 23:40 -------- d-----w- c:\windows\system32\EventProviders
2009-05-27 20:10 . 2009-05-28 22:13 -------- d-----w- c:\users\Zarko\AppData\Local\Adobe
2009-05-27 20:06 . 2009-05-27 20:06 -------- d-----w- c:\users\Zarko\AppData\Roaming\ABBYY
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\users\Zarko\AppData\Local\Apps
2009-05-27 19:04 . 2009-05-28 19:45 -------- d-----w- c:\users\Zarko\AppData\Local\ABBYY
2009-05-27 19:04 . 2009-05-27 20:07 -------- d-----w- c:\programdata\ABBYY
2009-05-27 19:01 . 2009-05-27 19:02 -------- d-----w- c:\temp\FR90PE
2009-05-27 19:01 . 2009-05-27 19:01 -------- d-----w- C:\temp
2009-05-27 17:24 . 2009-05-27 23:40 -------- d-----w- C:\Downloads
2009-05-27 17:24 . 2009-05-27 17:24 -------- d-----w- c:\users\Zarko\AppData\Roaming\FlashGet
2009-05-27 17:23 . 2009-05-27 17:24 -------- d-----w- c:\program files\FlashGet
2009-05-27 17:20 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Roaming\Ahead
2009-05-27 17:14 . 2009-05-27 17:16 -------- d-----w- c:\users\Zarko\AppData\Roaming\Canon
2009-05-26 08:55 . 2009-05-26 08:19 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-05-26 02:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-26 02:54 . 2009-05-26 02:54 -------- d-----w- c:\program files\MSXML 4.0
2009-05-26 00:57 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-26 00:26 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-26 00:26 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-26 00:26 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-26 00:26 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-26 00:26 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-26 00:26 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-26 00:26 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-26 00:26 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-26 00:26 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-25 23:43 . 2009-05-25 23:43 -------- d-----w- c:\users\Zarko\AppData\Local\BuildAGadget Content
2009-05-25 23:41 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Local\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\programdata\Nero
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Nero
2009-05-25 23:38 . 2009-06-01 17:19 -------- d-----w- c:\users\Zarko\Tracing
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Microsoft
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w- C:\PerfLogs
2009-05-25 22:49 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-05-25 22:49 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-05-25 22:49 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-05-25 22:47 . 2008-01-18 21:33 88064 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-05-25 22:30 . 2009-05-25 22:30 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Help
2009-05-25 22:30 . 2009-05-27 21:50 -------- d-----w- c:\programdata\Microsoft Help
2009-05-25 21:36 . 2009-05-25 21:36 -------- d-----w- c:\windows\PCHEALTH
2009-05-25 18:57 . 2009-05-25 09:02 -------- d-----w- c:\windows\Panther
2009-05-25 18:56 . 2009-05-28 00:00 -------- d-sh--w- C:\Boot
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w- c:\users\Zarko\AppData\Roaming\Media Player Classic
2009-05-25 16:20 . 2009-05-25 16:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:16 . 2009-05-25 16:16 -------- d-----w- c:\program files\Canon
2009-05-25 16:15 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2009-05-25 16:14 . 2009-05-25 16:14 -------- d--h--w- C:\CanoScan
2009-05-25 16:14 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\CCleaner
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\Defraggler
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\users\Zarko\AppData\Local\Mozilla
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\windows\system32\Macromed
2009-05-25 16:04 . 2009-05-25 16:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 16:04 . 2009-05-25 16:04 -------- d-----w- c:\program files\Java
2009-05-25 16:02 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-25 16:02 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Real Alternative
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\users\Zarko\AppData\Local\Real
2009-05-25 16:01 . 2009-05-25 16:01 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Local\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Roaming\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-25 15:57 . 2009-05-27 14:08 -------- d-----w- c:\users\Zarko\AppData\Roaming\Winamp
2009-05-25 15:57 . 2009-05-25 15:58 -------- d-----w- c:\program files\Winamp
2009-05-25 15:55 . 2009-05-25 15:55 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 15:42 . 2007-07-23 01:41 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-25 15:42 . 2007-07-23 01:41 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-25 15:42 . 2007-07-23 01:41 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvuninst.exe
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-25 15:40 . 2009-05-25 16:21 -------- d-----w- c:\windows\UI
2009-05-25 15:39 . 2007-06-26 06:56 2173480 ----a-w- c:\windows\TBPanel.exe
2009-05-25 15:39 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2009-05-25 15:39 . 2007-01-31 02:56 32768 ----a-w- c:\windows\TBPanelExt.dll
2009-05-25 15:39 . 2004-07-17 15:48 36864 ----a-w- c:\windows\GWLib.dll
2009-05-25 15:39 . 1998-11-17 23:27 26624 ----a-w- c:\windows\TBZoom.exe
2009-05-25 15:39 . 1998-10-31 02:55 5120 ----a-w- c:\windows\TBManage.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 12:19 . 2009-06-01 12:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-29 11:15 . 2009-05-25 09:11 74696 ----a-w- c:\users\Zarko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-28 23:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-27 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 17:20 . 2009-05-26 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-25 23:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-25 23:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-25 16:03 . 2009-05-25 16:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:36 . 2009-05-25 09:11 680 ----a-w- c:\users\Zarko\AppData\Local\d3d9caps.dat
2009-05-25 15:34 . 2009-05-25 15:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-10 21:33 . 2009-05-27 23:42 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-10 21:33 . 2009-05-27 23:42 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-10 21:33 . 2009-05-27 23:43 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-10 21:33 . 2009-05-27 23:42 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-10 21:33 . 2009-05-27 23:42 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-10 21:28 . 2009-05-27 23:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-10 21:27 . 2009-05-27 23:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-10 21:22 . 2009-05-27 23:43 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-10 21:21 . 2009-05-27 23:43 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-10 20:42 . 2009-05-27 23:43 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-10 20:03 . 2009-05-27 23:43 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 20:03 . 2009-05-27 23:43 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 19:57 . 2009-05-27 23:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-10 19:55 . 2009-05-27 23:42 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-10 19:52 . 2009-05-27 23:43 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-10 19:51 . 2009-05-27 23:43 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 19:47 . 2009-05-27 23:43 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-10 19:46 . 2009-05-27 23:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-10 19:46 . 2009-05-27 23:43 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 19:46 . 2009-05-27 23:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 19:46 . 2009-05-27 23:42 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-10 19:46 . 2009-05-27 23:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 19:46 . 2009-05-27 23:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 19:45 . 2009-05-27 23:42 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-10 19:45 . 2009-05-27 23:43 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-10 19:45 . 2009-05-27 23:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-10 19:45 . 2009-05-27 23:43 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-10 19:45 . 2009-05-27 23:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-10 19:45 . 2009-05-27 23:42 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-10 19:43 . 2009-05-27 23:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-10 19:43 . 2009-05-27 23:42 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-10 19:43 . 2009-05-27 23:43 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-10 19:43 . 2009-05-27 23:43 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-10 19:43 . 2009-05-27 23:43 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-10 19:43 . 2009-05-27 23:43 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-10 19:42 . 2009-05-27 23:42 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 19:42 . 2009-05-27 23:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-10 19:42 . 2009-05-27 23:42 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-10 19:42 . 2009-05-27 23:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-10 19:42 . 2009-05-27 23:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-10 19:42 . 2009-05-27 23:43 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 19:39 . 2009-05-27 23:42 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-10 19:39 . 2009-05-27 23:43 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-10 19:39 . 2009-05-27 23:43 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 19:38 . 2009-05-27 23:42 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-10 19:27 . 2009-05-27 23:43 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-10 19:24 . 2009-05-27 23:42 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 19:23 . 2009-05-27 23:43 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 19:23 . 2009-05-27 23:43 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-10 19:23 . 2009-05-27 23:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-10 19:22 . 2009-05-27 23:42 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-10 19:15 . 2009-05-27 23:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 19:15 . 2009-05-27 23:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-10 19:15 . 2009-05-27 23:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-10 19:14 . 2009-05-27 23:43 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-10 19:14 . 2009-05-27 23:43 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 19:14 . 2009-05-27 23:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 19:14 . 2009-05-27 23:43 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-10 19:14 . 2009-05-27 23:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 19:14 . 2009-05-27 23:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 19:14 . 2009-05-27 23:43 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-10 19:14 . 2009-05-27 23:43 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-10 19:14 . 2009-05-27 23:42 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-10 19:13 . 2009-05-27 23:43 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-10 19:13 . 2009-05-27 23:43 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-10 19:12 . 2009-05-27 23:43 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-10 17:52 . 2009-05-27 23:42 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-10 16:59 . 2009-05-27 23:42 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 16:59 . 2009-05-27 23:42 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:42 . 2009-05-27 23:43 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-29 19:42 . 2009-05-27 23:43 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-29 19:42 . 2009-05-27 23:43 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-29 19:42 . 2009-05-27 23:43 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-03-26 13:23 . 2009-03-26 13:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 13:23 . 2009-03-26 13:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-08 11:34 . 2009-05-26 08:08 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-26 08:08 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-26 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-26 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-10 21:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop.exe [2008-12-19 228692]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,a9,b1,3f,27,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3421091432-1391080257-1961547046-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57C92971-2986-4DBF-B2D6-DB0F1285B1CA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1D713C3-0C8A-472F-A0B6-DB90D63EDA7E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4306053B-B32D-444B-97D1-19A09170A7EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16D0D73E-A47D-408A-ABDB-23B9319F31FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 11:22 108289]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2.11.2006 12:25 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2.11.2006 12:25 251904]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [26.2.2007 14:03 2217416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\s4p2095y.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 21:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-01 21:01
ComboFix-quarantined-files.txt 2009-06-01 19:01

Pre-Run: 3.570.413.568 bytes free
Post-Run: 3.555.860.480 bytes free

334 --- E O F --- 2009-05-28 23:37

Addendum: 01 Jun 2009 22:19


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe

Folder::
C:\Win


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 11 Sep 2007
  • Posts: 3271

ComboFix 09-05-31.06 - Zarko 02.06.2009 11:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.381.1033.18.3326.2128 [GMT 2:00]
Running from: c:\users\Zarko\Desktop\ComboFix.exe
Command switches used :: c:\users\Zarko\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
C:\Win
c:\win\1.exe
c:\win\desktop.exe
c:\win\lsass.exe
c:\win\names.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 09:33 . 2009-06-02 09:33 -------- d-----w- c:\users\Zarko\AppData\Local\temp
2009-06-01 13:33 . 2009-06-01 13:44 -------- d-----w- c:\users\Zarko\AppData\Roaming\Apple Computer
2009-06-01 13:33 . 2009-06-01 13:33 -------- d-----w- c:\users\Zarko\AppData\Local\Apple Computer
2009-06-01 13:32 . 2009-06-01 13:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 13:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 13:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iPod
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iTunes
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\Bonjour
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\QuickTime
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\programdata\Apple Computer
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\users\Zarko\AppData\Local\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\programdata\Apple
2009-05-29 12:11 . 2009-05-29 12:11 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Acronis
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-29 11:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 23:46 . 2009-05-28 23:47 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Games
2009-05-28 23:46 . 2009-05-28 23:46 -------- d-----w- c:\users\Zarko\AppData\Local\Scansoft
2009-05-28 23:36 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-28 23:36 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-28 22:12 . 2009-05-28 22:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:47 . 2009-05-28 19:47 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-28 19:45 . 2009-05-28 19:49 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-05-28 19:42 . 2008-05-16 03:51 -------- d-----w- C:\FR90PE_VOL
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\InstallShield
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\users\Zarko\AppData\Roaming\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-28 11:03 . 2009-05-28 11:03 -------- d-----w- c:\program files\ScanSoft
2009-05-27 23:54 . 2009-05-27 23:55 -------- d-----w- c:\windows\system32\ca-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\eu-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\vi-VN
2009-05-27 23:52 . 2009-05-27 23:52 -------- d-----w- c:\windows\system32\SPReview
2009-05-27 23:44 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-05-27 23:42 . 2009-04-10 21:28 469504 ----a-w- c:\windows\system32\newdev.dll
2009-05-27 23:40 . 2009-05-27 23:40 -------- d-----w- c:\windows\system32\EventProviders
2009-05-27 20:10 . 2009-05-28 22:13 -------- d-----w- c:\users\Zarko\AppData\Local\Adobe
2009-05-27 20:06 . 2009-05-27 20:06 -------- d-----w- c:\users\Zarko\AppData\Roaming\ABBYY
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\users\Zarko\AppData\Local\Apps
2009-05-27 19:04 . 2009-05-28 19:45 -------- d-----w- c:\users\Zarko\AppData\Local\ABBYY
2009-05-27 19:04 . 2009-05-27 20:07 -------- d-----w- c:\programdata\ABBYY
2009-05-27 19:01 . 2009-05-27 19:02 -------- d-----w- c:\temp\FR90PE
2009-05-27 19:01 . 2009-05-27 19:01 -------- d-----w- C:\temp
2009-05-27 17:24 . 2009-05-27 23:40 -------- d-----w- C:\Downloads
2009-05-27 17:24 . 2009-05-27 17:24 -------- d-----w- c:\users\Zarko\AppData\Roaming\FlashGet
2009-05-27 17:23 . 2009-05-27 17:24 -------- d-----w- c:\program files\FlashGet
2009-05-27 17:20 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Roaming\Ahead
2009-05-27 17:14 . 2009-05-27 17:16 -------- d-----w- c:\users\Zarko\AppData\Roaming\Canon
2009-05-26 08:55 . 2009-05-26 08:19 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-05-26 02:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-26 02:54 . 2009-05-26 02:54 -------- d-----w- c:\program files\MSXML 4.0
2009-05-26 00:57 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-26 00:26 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-26 00:26 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-26 00:26 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-26 00:26 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-26 00:26 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-26 00:26 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-26 00:26 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-26 00:26 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-26 00:26 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-25 23:43 . 2009-05-25 23:43 -------- d-----w- c:\users\Zarko\AppData\Local\BuildAGadget Content
2009-05-25 23:41 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Local\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\programdata\Nero
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Nero
2009-05-25 23:38 . 2009-06-02 06:26 -------- d-----w- c:\users\Zarko\Tracing
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Microsoft
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w- C:\PerfLogs
2009-05-25 22:49 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-05-25 22:49 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-05-25 22:49 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-05-25 22:47 . 2008-01-18 21:33 88064 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-05-25 22:30 . 2009-05-25 22:30 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Help
2009-05-25 22:30 . 2009-05-27 21:50 -------- d-----w- c:\programdata\Microsoft Help
2009-05-25 21:36 . 2009-05-25 21:36 -------- d-----w- c:\windows\PCHEALTH
2009-05-25 18:57 . 2009-05-25 09:02 -------- d-----w- c:\windows\Panther
2009-05-25 18:56 . 2009-05-28 00:00 -------- d-sh--w- C:\Boot
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w- c:\users\Zarko\AppData\Roaming\Media Player Classic
2009-05-25 16:20 . 2009-05-25 16:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:16 . 2009-05-25 16:16 -------- d-----w- c:\program files\Canon
2009-05-25 16:15 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2009-05-25 16:14 . 2009-05-25 16:14 -------- d--h--w- C:\CanoScan
2009-05-25 16:14 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\CCleaner
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\Defraggler
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\users\Zarko\AppData\Local\Mozilla
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\windows\system32\Macromed
2009-05-25 16:04 . 2009-05-25 16:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 16:04 . 2009-05-25 16:04 -------- d-----w- c:\program files\Java
2009-05-25 16:02 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-25 16:02 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Real Alternative
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\users\Zarko\AppData\Local\Real
2009-05-25 16:01 . 2009-05-25 16:01 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Local\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Roaming\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-25 15:57 . 2009-05-27 14:08 -------- d-----w- c:\users\Zarko\AppData\Roaming\Winamp
2009-05-25 15:57 . 2009-05-25 15:58 -------- d-----w- c:\program files\Winamp
2009-05-25 15:55 . 2009-05-25 15:55 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 15:42 . 2007-07-23 01:41 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-25 15:42 . 2007-07-23 01:41 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-25 15:42 . 2007-07-23 01:41 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvuninst.exe
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-25 15:40 . 2009-05-25 16:21 -------- d-----w- c:\windows\UI
2009-05-25 15:39 . 2007-06-26 06:56 2173480 ----a-w- c:\windows\TBPanel.exe
2009-05-25 15:39 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2009-05-25 15:39 . 2007-01-31 02:56 32768 ----a-w- c:\windows\TBPanelExt.dll
2009-05-25 15:39 . 2004-07-17 15:48 36864 ----a-w- c:\windows\GWLib.dll
2009-05-25 15:39 . 1998-11-17 23:27 26624 ----a-w- c:\windows\TBZoom.exe
2009-05-25 15:39 . 1998-10-31 02:55 5120 ----a-w- c:\windows\TBManage.dll
2009-05-25 15:39 . 1997-07-15 02:00 33280 ----a-w- c:\windows\DXTool.exe
2009-05-25 15:33 . 2009-05-25 15:33 315392 ----a-w- c:\windows\HideWin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 12:19 . 2009-06-01 12:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-29 11:15 . 2009-05-25 09:11 74696 ----a-w- c:\users\Zarko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-28 23:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-27 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 17:20 . 2009-05-26 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-25 23:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-25 23:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-25 16:03 . 2009-05-25 16:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:36 . 2009-05-25 09:11 680 ----a-w- c:\users\Zarko\AppData\Local\d3d9caps.dat
2009-05-25 15:34 . 2009-05-25 15:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-10 21:33 . 2009-05-27 23:42 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-10 21:33 . 2009-05-27 23:42 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-10 21:33 . 2009-05-27 23:43 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-10 21:33 . 2009-05-27 23:42 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-10 21:33 . 2009-05-27 23:42 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-10 21:28 . 2009-05-27 23:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-10 21:27 . 2009-05-27 23:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-10 21:22 . 2009-05-27 23:43 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-10 21:21 . 2009-05-27 23:43 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-10 20:42 . 2009-05-27 23:43 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-10 20:03 . 2009-05-27 23:43 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 20:03 . 2009-05-27 23:43 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 19:57 . 2009-05-27 23:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-10 19:55 . 2009-05-27 23:42 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-10 19:52 . 2009-05-27 23:43 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-10 19:51 . 2009-05-27 23:43 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 19:47 . 2009-05-27 23:43 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-10 19:46 . 2009-05-27 23:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-10 19:46 . 2009-05-27 23:43 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 19:46 . 2009-05-27 23:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 19:46 . 2009-05-27 23:42 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-10 19:46 . 2009-05-27 23:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 19:46 . 2009-05-27 23:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 19:45 . 2009-05-27 23:42 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-10 19:45 . 2009-05-27 23:43 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-10 19:45 . 2009-05-27 23:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-10 19:45 . 2009-05-27 23:43 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-10 19:45 . 2009-05-27 23:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-10 19:45 . 2009-05-27 23:42 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-10 19:43 . 2009-05-27 23:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-10 19:43 . 2009-05-27 23:42 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-10 19:43 . 2009-05-27 23:43 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-10 19:43 . 2009-05-27 23:43 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-10 19:43 . 2009-05-27 23:43 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-10 19:43 . 2009-05-27 23:43 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-10 19:42 . 2009-05-27 23:42 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 19:42 . 2009-05-27 23:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-10 19:42 . 2009-05-27 23:42 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-10 19:42 . 2009-05-27 23:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-10 19:42 . 2009-05-27 23:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-10 19:42 . 2009-05-27 23:43 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 19:39 . 2009-05-27 23:42 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-10 19:39 . 2009-05-27 23:43 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-10 19:39 . 2009-05-27 23:43 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 19:38 . 2009-05-27 23:42 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-10 19:27 . 2009-05-27 23:43 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-10 19:24 . 2009-05-27 23:42 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 19:23 . 2009-05-27 23:43 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 19:23 . 2009-05-27 23:43 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-10 19:23 . 2009-05-27 23:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-10 19:22 . 2009-05-27 23:42 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-10 19:15 . 2009-05-27 23:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 19:15 . 2009-05-27 23:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-10 19:15 . 2009-05-27 23:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-10 19:14 . 2009-05-27 23:43 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-10 19:14 . 2009-05-27 23:43 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 19:14 . 2009-05-27 23:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 19:14 . 2009-05-27 23:43 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-10 19:14 . 2009-05-27 23:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 19:14 . 2009-05-27 23:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 19:14 . 2009-05-27 23:43 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-10 19:14 . 2009-05-27 23:43 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-10 19:14 . 2009-05-27 23:42 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-10 19:13 . 2009-05-27 23:43 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-10 19:13 . 2009-05-27 23:43 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-10 19:12 . 2009-05-27 23:43 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-10 17:52 . 2009-05-27 23:42 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-10 16:59 . 2009-05-27 23:42 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 16:59 . 2009-05-27 23:42 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:42 . 2009-05-27 23:43 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-29 19:42 . 2009-05-27 23:43 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-29 19:42 . 2009-05-27 23:43 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-29 19:42 . 2009-05-27 23:43 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-03-26 13:23 . 2009-03-26 13:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 13:23 . 2009-03-26 13:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-08 11:34 . 2009-05-26 08:08 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-26 08:08 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-26 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-26 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_19.00.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:03 . 2009-06-02 06:27 43432 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-25 09:12 . 2009-06-01 17:20 4924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3421091432-1391080257-1961547046-1000_UserData.bin
+ 2009-05-25 09:12 . 2009-06-02 06:27 4924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3421091432-1391080257-1961547046-1000_UserData.bin
- 2009-06-01 17:09 . 2009-06-01 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-01 17:09 . 2009-06-02 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-01 17:09 . 2009-06-01 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-01 17:09 . 2009-06-02 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-02 08:59 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 18:31 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 18:31 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-02 08:59 101052 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-10 21:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,a9,b1,3f,27,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3421091432-1391080257-1961547046-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57C92971-2986-4DBF-B2D6-DB0F1285B1CA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1D713C3-0C8A-472F-A0B6-DB90D63EDA7E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4306053B-B32D-444B-97D1-19A09170A7EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16D0D73E-A47D-408A-ABDB-23B9319F31FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 11:22 108289]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2.11.2006 12:25 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2.11.2006 12:25 251904]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [26.2.2007 14:03 2217416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {62DEC95B-3E84-46DF-943D-B571E15D2E11} = 62.240.12.1 62.240.12.2
FF - ProfilePath - c:\users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\s4p2095y.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 11:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-02 11:35
ComboFix-quarantined-files.txt 2009-06-02 09:34
ComboFix2.txt 2009-06-01 19:01

Pre-Run: 3.551.592.448 bytes free
Post-Run: 3.527.180.288 bytes free

354 --- E O F --- 2009-05-28 23:37

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Tell me some good news Mr. Green

offline
  • Joined: 11 Sep 2007
  • Posts: 3271

Well, what should I say, thx, bro, it worked Mr. Green

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, that would be it.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text box, type (or copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


Cheers

offline
  • Joined: 11 Sep 2007
  • Posts: 3271

All done, clean Smile
Many thanks Mr. Green
