Infected with Malware

  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

I got infected with malware via someone's flash drive, and avast keeps reporting that a virus was found but that it cannot delete it. I downloaded the DDS program, but it doesn't work for me; it shows what you can see in picture 1. So I made these reports with GMER and OTL, because OTL works for me, though my system is not 64-bit. Will I be able to save the pictures that are infected with the malware?





OTL logfile created on: 26.10.2009 8:01:29 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Dusko\Desktop\Downloads\MUZIKA THE BEST
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 0000081a | Country: Srbija | Language: SRL | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 6,89 Gb Free Space | 8,82% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 15,11 Gb Free Space | 7,74% Space Free | Partition Type: NTFS
Drive E: | 192,31 Gb Total Space | 16,55 Gb Free Space | 8,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC1
Current User Name: Dusko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.10.26 08:01:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Dusko\Desktop\Downloads\MUZIKA THE BEST\OTL.exe
PRC - [2009.10.25 20:07:44 | 00,552,103 | ---- | M] () -- C:\Win\lsass.exe
PRC - [2009.10.03 12:51:12 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009.09.19 15:16:50 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.09.17 13:31:53 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.08.17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.08.17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.08.17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.08.17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.08.17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.08.05 17:29:56 | 07,703,072 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.08.04 08:54:42 | 01,719,568 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009.07.26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.07.14 12:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.07.14 11:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.13 22:18:12 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.07.06 13:30:18 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2009.06.25 14:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 12:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.05.12 14:43:36 | 02,181,672 | ---- | M] (Gainward Co.) -- C:\Program Files\EXPERTool\TBPANEL.exe
PRC - [2009.04.23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009.04.11 07:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009.04.11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009.04.11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 09:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.01.21 13:19:54 | 00,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008.03.25 16:21:56 | 00,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2008.02.18 13:36:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008.02.18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008.02.18 13:36:04 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008.01.24 11:36:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008.01.24 11:32:28 | 02,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008.01.21 03:23:48 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:23:48 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.11 15:09:48 | 00,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007.05.10 12:18:26 | 00,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2007.04.21 08:37:02 | 00,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2007.03.19 13:54:32 | 00,225,792 | ---- | M] () -- C:\Users\Dusko\Desktop\ReConnect.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NeroRegInCDSrv [Auto | Stopped])
SRV - [2009.09.19 15:16:50 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009.09.19 15:16:46 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009.08.17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009.08.17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009.08.17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009.08.17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009.07.20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2009.07.15 10:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2009.07.14 12:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009.07.14 11:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2009.07.13 22:18:12 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2009.06.02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2009.04.11 07:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009.03.30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009.02.18 19:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009.02.18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009.02.18 19:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008.02.18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2008.01.24 11:36:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008.01.21 03:23:48 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2008.01.21 03:23:20 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008.01.21 03:21:41 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2007.09.17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007.06.27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2006.11.02 13:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006.11.02 13:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2005.04.03 23:41:10 | 00,090,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003.07.28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009.10.26 07:53:13 | 00,024,944 | ---- | M] () -- C:\Windows\System32\Drivers\GVTDrv.sys -- (GVTDrv [On_Demand | Running])
DRV - [2009.10.26 07:53:00 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys -- (gdrv [On_Demand | Running])
DRV - [2009.08.20 16:18:38 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\etdrv.sys -- (etdrv [On_Demand | Stopped])
DRV - [2009.08.19 14:00:51 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009.08.17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009.08.17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009.08.17 17:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009.08.17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009.08.17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009.08.05 16:42:00 | 02,745,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009.07.14 19:54:00 | 09,557,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2009.06.10 05:38:16 | 00,335,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\DRIVERS\netr61.sys -- (rt61x86 [On_Demand | Running])
DRV - [2009.04.30 10:47:20 | 00,040,480 | ---- | M] (COMODO Security Solutions Inc.) -- C:\Windows\System32\drivers\csdf.sys -- (csdf [Boot | Running])
DRV - [2009.04.30 10:46:06 | 00,037,920 | ---- | M] (COMODO Security Solutions Inc.) -- C:\Windows\System32\drivers\crpf.sys -- (crpf [Boot | Running])
DRV - [2009.04.11 05:42:54 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009.03.27 00:16:28 | 00,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped])
DRV - [2009.03.19 13:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2009.03.19 13:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2009.02.22 23:16:22 | 00,007,168 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver [On_Demand | Running])
DRV - [2009.02.09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2009.02.09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2009.02.09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2009.02.09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2009.01.13 18:13:52 | 00,049,160 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
DRV - [2009.01.13 18:13:44 | 00,014,728 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2009.01.13 18:13:36 | 00,031,240 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo [On_Demand | Stopped])
DRV - [2009.01.13 18:13:28 | 00,029,192 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
DRV - [2009.01.13 18:13:20 | 00,019,336 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2008.08.26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2008.02.18 13:36:14 | 00,038,312 | ---- | M] (Nero AG) -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm [System | Running])
DRV - [2008.02.18 13:36:14 | 00,036,648 | ---- | M] (Nero AG) -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2008.02.18 13:36:04 | 00,118,952 | ---- | M] (Nero AG) -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2008.01.21 03:21:35 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2008.01.21 03:21:35 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2008.01.21 03:21:35 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008.01.21 03:21:34 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008.01.21 03:21:34 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008.01.21 03:21:34 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008.01.21 03:21:33 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2008.01.21 03:21:33 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008.01.21 03:21:33 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008.01.21 03:21:33 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008.01.21 03:21:32 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008.01.21 03:21:32 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008.01.21 03:21:32 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008.01.21 03:21:31 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008.01.21 03:21:31 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008.01.21 03:21:31 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008.01.21 03:21:31 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008.01.21 03:21:30 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008.01.21 03:21:29 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008.01.21 03:21:29 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008.01.21 03:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008.01.21 03:21:28 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2008.01.21 03:21:09 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008.01.21 03:21:09 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008.01.21 03:21:09 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007.10.16 09:35:58 | 10,376,576 | ---- | M] (Sonix Co. Ltd.) -- C:\Windows\System32\DRIVERS\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
DRV - [2007.06.25 04:37:24 | 00,084,480 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2007.03.16 09:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running])
DRV - [2007.03.16 09:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\drivers\TBPANEL.SYS -- (Cardex [On_Demand | Stopped])
DRV - [2006.11.02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006.11.02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006.11.02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006.11.02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006.11.02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006.11.02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006.11.02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006.11.02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006.11.02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006.11.02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006.11.02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006.11.02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006.11.02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006.11.02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006.11.02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006.11.02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006.11.02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006.11.02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006.09.28 13:10:52 | 00,011,648 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\DRIVERS\gggen.sys -- (gggen [On_Demand | Stopped])
DRV - [2006.09.24 14:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006.03.01 09:25:12 | 00,008,704 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])
DRV - [2005.07.07 15:26:04 | 00,055,216 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005.07.07 15:26:00 | 00,006,576 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
DRV - [2005.07.07 15:25:58 | 00,089,872 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
DRV - [2005.07.07 15:25:52 | 00,081,728 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005.07.07 15:25:50 | 00,079,488 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [1996.04.03 20:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\system32\giveio.sys -- (giveio [Boot | Running])

========== Modules (SafeList) ==========

MOD - [2009.10.26 08:01:16 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Dusko\Desktop\Downloads\MUZIKA THE BEST\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.21 13:40:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.21 17:32:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.21 18:38:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.21 20:34:09 | 00,000,000 | ---D | M]

[2009.08.18 18:14:51 | 00,000,000 | ---D | M] -- C:\Users\Dusko\AppData\Roaming\mozilla\Extensions
[2009.08.18 18:14:51 | 00,000,000 | ---D | M] -- C:\Users\Dusko\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.25 11:14:36 | 00,000,000 | ---D | M] -- C:\Users\Dusko\AppData\Roaming\mozilla\Firefox\Profiles\tll1uzzt.default\extensions
[2009.08.21 13:42:34 | 00,000,000 | ---D | M] -- C:\Users\Dusko\AppData\Roaming\mozilla\Firefox\Profiles\tll1uzzt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.23 20:03:30 | 00,000,000 | ---D | M] -- C:\Users\Dusko\AppData\Roaming\mozilla\Firefox\Profiles\tll1uzzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.02 08:01:28 | 00,000,564 | ---- | M] () -- C:\Users\Dusko\AppData\Roaming\Mozilla\FireFox\Profiles\tll1uzzt.default\searchplugins\bing.xml
[2009.10.25 11:14:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.17 13:31:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.18 22:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.09.17 13:31:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.09.17 13:31:53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009.08.18 22:40:55 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.09.17 13:31:53 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003.07.14 21:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.09.10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008.09.10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.07.30 08:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009.07.30 08:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.07.30 08:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.07.30 08:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.07.30 08:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.30 08:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009.07.30 08:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [(Default)] C:\Windows\svchost.exe File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ReConnect] C:\Users\Dusko\Desktop\ReConnect.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [run32] C:\Win\lsass.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [ReConnect] C:\Users\Dusko\Desktop\ReConnect.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [USDownloader] C:\Program Files\USDownloader\USDownloader.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\mpg4ds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering WMA ActiveX filter...] C:\Windows\System32\msadds32.ax (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll ()
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll ()
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.10.21 21:03:23 | 00,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2009.10.23 19:07:22 | 00,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2009.10.03 19:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.10.21 21:05:15 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\ACD Systems
[2009.10.10 17:40:21 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\Convivea
[2009.10.03 19:42:24 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\Skype
[2009.10.03 19:43:11 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\skypePM
[2009.10.17 19:51:23 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\The Creative Assembly
[2009.10.21 19:40:31 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Roaming\WinRAR
[2009.10.21 21:05:15 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Local\ACD Systems
[2009.10.03 18:16:01 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Local\CAPCOM
[2009.10.21 21:02:28 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Local\Downloaded Installations
[2009.10.18 08:26:49 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Local\Logitech
[2009.10.21 19:59:56 | 00,000,000 | ---D | C] -- C:\Users\Dusko\AppData\Local\WinZip
[2009.10.21 21:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2009.10.21 20:33:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009.10.18 08:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009.10.03 19:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.10.14 19:11:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\snpstd3
[2009.10.21 21:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2009.10.03 12:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare
[2009.10.10 17:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Bit Che
[2009.10.23 18:59:26 | 00,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2009.10.25 17:53:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009.10.18 08:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009.10.01 19:23:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009.10.21 20:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009.10.03 17:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009.10.21 20:32:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009.10.21 20:34:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009.09.27 20:17:58 | 00,000,000 | ---D | C] -- C:\Program Files\Santa Claus in trouble ...again! - Demo
[2009.10.03 19:42:15 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009.10.10 18:03:54 | 00,000,000 | ---D | C] -- C:\Program Files\USDownloader
[2009.10.18 17:43:46 | 00,000,000 | ---D | C] -- C:\Program Files\uViewIt Corporation
[2009.10.18 17:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\Willing Webcam
[2009.10.01 19:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009.10.01 19:23:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009.10.21 19:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009.10.18 17:23:01 | 00,000,000 | ---D | C] -- C:\Program Files\Yawcam
[2009.10.25 20:19:29 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\MUZIKA
[2009.10.25 20:09:08 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\New Folder (5)
[2009.10.25 20:08:45 | 00,000,000 | RHSD | C] -- C:\Users\Dusko\Desktop\Moje slike
[2009.10.25 20:08:16 | 00,000,000 | RHSD | C] -- C:\Win
[2009.10.24 18:52:10 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\New Folder (4)
[2009.10.24 18:48:14 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\New Folder (3)
[2009.10.23 19:12:49 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009.10.23 19:10:57 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Documents\KONAMI
[2009.10.21 21:09:10 | 00,000,000 | -H-D | C] -- C:\Users\Dusko\Desktop\[Originals]
[2009.10.21 20:30:53 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009.10.21 19:38:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009.10.20 21:23:08 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\New Folder (2)
[2009.10.18 18:46:13 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\transced
[2009.10.18 17:55:42 | 00,360,448 | ---- | C] (CodeGear) -- C:\Windows\System32\midas.dll
[2009.10.18 17:55:42 | 00,301,696 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\drivers\wwsplit.sys
[2009.10.17 16:34:29 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Documents\18 WoS Extreme Trucker
[2009.10.16 20:58:52 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\muzika za narezivanje
[2009.10.14 19:21:08 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\lost exodus
[2009.10.14 19:11:18 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe
[2009.10.14 19:11:17 | 10,376,576 | ---- | C] (Sonix Co. Ltd.) -- C:\Windows\System32\drivers\snpstd3.sys
[2009.10.14 19:11:15 | 00,155,648 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009.10.14 19:11:15 | 00,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.10.14 19:11:15 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009.10.14 19:11:15 | 00,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2009.10.10 18:23:13 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\goku
[2009.10.10 17:40:21 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.OCX
[2009.10.10 17:40:21 | 00,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2009.10.10 17:28:30 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\CryptLoad_1.1.6
[2009.10.04 14:40:22 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Desktop\Cryptload
[2009.10.03 18:18:47 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Documents\CAPCOM
[2009.10.03 17:47:28 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009.10.03 12:16:50 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009.10.01 19:23:07 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009.10.01 19:22:35 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009.09.26 11:42:38 | 00,000,000 | ---D | C] -- C:\Users\Dusko\Documents\Prototype

========== Files - Modified Within 30 Days ==========

[2009.10.26 08:00:00 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009.10.26 07:57:27 | 00,691,664 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.10.26 07:57:27 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.10.26 07:57:27 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.10.26 07:53:13 | 00,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2009.10.26 07:53:13 | 00,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref
[2009.10.26 07:53:00 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2009.10.26 07:52:08 | 00,001,689 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2009.10.26 07:52:07 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.10.26 07:52:07 | 00,032,879 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.10.26 07:52:00 | 00,018,666 | -H-- | M] () -- C:\Windows\System32\wmimgr32.dl_
[2009.10.26 07:51:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.10.26 07:51:58 | 00,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.10.26 07:51:58 | 00,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.10.26 07:51:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.10.26 07:51:52 | 34,880,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.25 23:47:18 | 03,533,430 | -H-- | M] () -- C:\Users\Dusko\AppData\Local\IconCache.db
[2009.10.25 23:02:47 | 00,115,712 | ---- | M] () -- C:\Users\Dusko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.25 20:17:45 | 00,000,291 | ---- | M] () -- C:\Windows\system.ini
[2009.10.25 20:07:44 | 00,552,103 | ---- | M] () -- C:\Users\Dusko\Desktop\New Folder (2).exe
[2009.10.25 20:07:44 | 00,552,103 | ---- | M] () -- C:\Users\Dusko\Desktop\Moje slike.exe
[2009.10.25 19:00:09 | 07,606,384 | ---- | M] () -- C:\Users\Dusko\Desktop\sis7018_816b.zip
[2009.10.25 18:55:24 | 17,976,302 | ---- | M] () -- C:\Users\Dusko\Desktop\SiS_s150.zip
[2009.10.25 17:53:19 | 00,000,914 | ---- | M] () -- C:\Users\Dusko\Desktop\EVEREST Home Edition.lnk
[2009.10.24 09:59:04 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.10.23 19:12:49 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009.10.23 19:11:41 | 00,001,041 | ---- | M] () -- C:\Users\Dusko\Desktop\settings - Shortcut.lnk
[2009.10.23 19:11:14 | 00,001,034 | ---- | M] () -- C:\Users\Dusko\Desktop\pes2009 - Shortcut.lnk
[2009.10.23 15:44:22 | 27,253,0854 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.10.22 12:40:41 | 00,078,440 | ---- | M] () -- C:\Users\Dusko\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.10.22 12:40:39 | 00,317,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.10.21 20:34:38 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2009.10.21 20:34:23 | 00,000,629 | ---- | M] () -- C:\Windows\win.ini
[2009.10.21 19:59:52 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2009.10.18 18:01:08 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.10.18 17:51:40 | 00,230,424 | ---- | M] () -- C:\img2-002.raw
[2009.10.18 17:51:21 | 00,000,215 | ---- | M] () -- C:\Windows\uViewIt.INI
[2009.10.18 17:45:02 | 00,000,010 | ---- | M] () -- C:\Users\Dusko\AppData\Roaming\sysFiles00.dll
[2009.10.18 17:24:50 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
[2009.10.17 16:40:06 | 00,000,783 | ---- | M] () -- C:\Users\Dusko\Desktop\extremetrucker - Shortcut.lnk
[2009.10.17 10:04:03 | 00,000,473 | ---- | M] () -- C:\Users\Dusko\Desktop\ShutDown - Shortcut.lnk
[2009.10.14 00:13:14 | 10,380,9024 | ---- | M] () -- C:\Users\Dusko\Desktop\LOSTSE01EP24-25.part1.rar
[2009.10.13 08:39:18 | 02,582,580 | ---- | M] () -- C:\Users\Dusko\Documents\Katalog PC igara - 13. Oktobar (2009).htm
[2009.10.10 18:04:07 | 00,001,741 | ---- | M] () -- C:\Users\Dusko\Desktop\USD_XXXXL.lnk
[2009.10.10 17:40:22 | 00,000,797 | ---- | M] () -- C:\Users\Dusko\Desktop\Bit Che.lnk
[2009.10.10 17:32:06 | 00,000,167 | ---- | M] () -- C:\Users\Dusko\Desktop\Copy of reconnect.bat
[2009.10.10 17:23:27 | 00,000,630 | ---- | M] () -- C:\Users\Dusko\Desktop\prototypef -.lnk
[2009.10.10 17:23:14 | 00,000,844 | ---- | M] () -- C:\Users\Dusko\Desktop\CoJBiBGame_x86.lnk
[2009.10.04 18:24:58 | 00,569,856 | ---- | M] () -- C:\Users\Dusko\Desktop\ShutDown.exe
[2009.10.04 14:07:50 | 00,000,641 | ---- | M] () -- C:\Users\Dusko\Desktop\SF4Launcher - Shortcut.lnk
[2009.10.04 10:54:31 | 00,001,992 | ---- | M] () -- C:\Users\Dusko\Desktop\Windows Live Messenger .lnk
[2009.10.03 19:43:11 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.02 18:45:46 | 00,000,699 | ---- | M] () -- C:\Users\Dusko\Desktop\uTorrent.lnk
[2009.09.29 19:07:13 | 00,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI

========== Files - No Company Name ==========
[2009.10.25 20:53:06 | 00,018,666 | -H-- | C] () -- C:\Windows\System32\wmimgr32.dl_
[2009.10.25 20:08:42 | 00,552,103 | ---- | C] () -- C:\Users\Dusko\Desktop\New Folder (2).exe
[2009.10.25 20:08:42 | 00,552,103 | ---- | C] () -- C:\Users\Dusko\Desktop\Moje slike.exe
[2009.10.25 18:57:59 | 07,606,384 | ---- | C] () -- C:\Users\Dusko\Desktop\sis7018_816b.zip
[2009.10.25 18:50:11 | 17,976,302 | ---- | C] () -- C:\Users\Dusko\Desktop\SiS_s150.zip
[2009.10.25 17:53:19 | 00,000,914 | ---- | C] () -- C:\Users\Dusko\Desktop\EVEREST Home Edition.lnk
[2009.10.24 17:19:58 | 05,005,479 | ---- | C] () -- C:\Users\Dusko\Desktop\Halid_Beslic_-_2008_-_01_-_Miljacka.mp3
[2009.10.23 19:11:41 | 00,001,041 | ---- | C] () -- C:\Users\Dusko\Desktop\settings - Shortcut.lnk
[2009.10.23 19:11:14 | 00,001,034 | ---- | C] () -- C:\Users\Dusko\Desktop\pes2009 - Shortcut.lnk
[2009.10.23 15:44:22 | 27,253,0854 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.10.21 20:34:38 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.21 19:59:52 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2009.10.21 08:19:41 | 00,000,004 | ---- | C] () -- C:\Windows\System32\GVTunner.ref
[2009.10.18 17:46:04 | 00,000,215 | ---- | C] () -- C:\Windows\uViewIt.INI
[2009.10.18 17:45:02 | 00,000,010 | ---- | C] () -- C:\Users\Dusko\AppData\Roaming\sysFiles00.dll
[2009.10.18 17:35:08 | 00,230,424 | ---- | C] () -- C:\img2-002.raw
[2009.10.18 13:40:11 | 00,230,424 | ---- | C] () -- C:\img2-001.raw
[2009.10.17 16:40:06 | 00,000,783 | ---- | C] () -- C:\Users\Dusko\Desktop\extremetrucker - Shortcut.lnk
[2009.10.17 16:40:02 | 00,544,768 | ---- | C] () -- C:\Users\Dusko\Documents\extremetrucker.exe
[2009.10.14 19:11:18 | 00,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009.10.14 19:11:17 | 00,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2009.10.14 19:11:17 | 00,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2009.10.14 19:11:17 | 00,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.10.14 19:11:17 | 00,013,023 | ---- | C] () -- C:\Windows\snpstd3.src
[2009.10.13 23:44:17 | 10,380,9024 | ---- | C] () -- C:\Users\Dusko\Desktop\LOSTSE01EP24-25.part1.rar
[2009.10.13 08:39:18 | 02,582,580 | ---- | C] () -- C:\Users\Dusko\Documents\Katalog PC igara - 13. Oktobar (2009).htm
[2009.10.10 18:04:07 | 00,001,741 | ---- | C] () -- C:\Users\Dusko\Desktop\USD_XXXXL.lnk
[2009.10.10 17:40:22 | 00,000,797 | ---- | C] () -- C:\Users\Dusko\Desktop\Bit Che.lnk
[2009.10.10 17:29:10 | 00,000,167 | ---- | C] () -- C:\Users\Dusko\Desktop\Copy of reconnect.bat
[2009.10.10 17:23:27 | 00,000,630 | ---- | C] () -- C:\Users\Dusko\Desktop\prototypef -.lnk
[2009.10.10 17:23:14 | 00,000,844 | ---- | C] () -- C:\Users\Dusko\Desktop\CoJBiBGame_x86.lnk
[2009.10.09 17:00:41 | 00,001,743 | ---- | C] () -- C:\Users\Dusko\Desktop\CDBurnerXP.lnk
[2009.10.05 21:37:32 | 00,000,473 | ---- | C] () -- C:\Users\Dusko\Desktop\ShutDown - Shortcut.lnk
[2009.10.04 18:24:50 | 00,569,856 | ---- | C] () -- C:\Users\Dusko\Desktop\ShutDown.exe
[2009.10.04 14:07:50 | 00,000,641 | ---- | C] () -- C:\Users\Dusko\Desktop\SF4Launcher - Shortcut.lnk
[2009.10.04 10:54:31 | 00,001,992 | ---- | C] () -- C:\Users\Dusko\Desktop\Windows Live Messenger .lnk
[2009.10.03 19:43:11 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.03 19:42:15 | 00,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.10.02 18:45:46 | 00,000,699 | ---- | C] () -- C:\Users\Dusko\Desktop\uTorrent.lnk
[2009.09.21 17:31:16 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.09.08 20:40:41 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.05 16:45:54 | 03,533,430 | -H-- | C] () -- C:\Users\Dusko\AppData\Local\IconCache.db
[2009.08.25 11:03:37 | 00,023,888 | ---- | C] () -- C:\Users\Dusko\AppData\Roaming\UserTile.png
[2009.08.21 14:06:07 | 00,000,000 | ---- | C] () -- C:\Windows\System32\mscoree.dll
[2009.08.21 14:05:53 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.21 14:05:39 | 00,000,000 | ---- | C] () -- C:\Windows\System32\scrrun.dll
[2009.08.21 14:05:32 | 00,000,000 | ---- | C] () -- C:\Windows\System32\sysclass.dll
[2009.08.21 14:05:06 | 00,000,000 | ---- | C] () -- C:\Windows\System32\SmiEngine.dll
[2009.08.20 16:08:39 | 00,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2009.08.19 15:59:39 | 00,115,712 | ---- | C] () -- C:\Users\Dusko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.19 14:10:16 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.19 14:00:51 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.18 22:42:12 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.08.18 22:42:12 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.08.18 22:42:11 | 02,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009.08.18 22:42:10 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.08.18 22:42:10 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.18 22:42:10 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.08.18 22:42:08 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.18 22:42:08 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.08.18 17:35:30 | 00,032,879 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.18 17:35:30 | 00,032,879 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.18 17:24:35 | 00,078,440 | ---- | C] () -- C:\Users\Dusko\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.18 17:24:17 | 00,000,680 | ---- | C] () -- C:\Users\Dusko\AppData\Local\d3d9caps.dat
[2009.04.21 23:19:06 | 00,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 03:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 13:49:43 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,629 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 00,000,291 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.03.26 19:24:30 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005.03.26 19:24:14 | 00,839,680 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2003.01.07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996.04.03 20:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:6724CB45
< End of report >

OTL Extras logfile created on: 26.10.2009 8:01:29 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Dusko\Desktop\Downloads\MUZIKA THE BEST
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 0000081a | Country: Srbija | Language: SRL | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 6,89 Gb Free Space | 8,82% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 15,11 Gb Free Space | 7,74% Space Free | Partition Type: NTFS
Drive E: | 192,31 Gb Total Space | 16,55 Gb Free Space | 8,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC1
Current User Name: Dusko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
pif

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

You have not provided us with the Gmer logs.

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Here are the Gmer logs!


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 09:27:27
Windows 6.0.6002 Service Pack 2
Running: qj80bf3r.exe; Driver: C:\Users\Dusko\AppData\Local\Temp\pgldapow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 86A78F00
INT 0x51 ? 86A78F00
INT 0x62 ? 86A78F00
INT 0x62 ? 86A78F00
INT 0x62 ? 86A78F00
INT 0x62 ? 86A78F00
INT 0x72 ? 86A78F00
INT 0x72 ? 86A78F00
INT 0x72 ? 86A78F00
INT 0x82 ? 84F67BF8
INT 0x92 ? 84F67BF8
INT 0xB2 ? 84F67BF8
INT 0xB2 ? 84F67BF8
INT 0xB2 ? 84F67BF8
INT 0xB2 ? 84F67BF8
INT 0xB2 ? 86A78F00
INT 0xB2 ? 84F67BF8
INT 0xB3 ? 86A78F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spix.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B18841B 5 Bytes JMP 86A784E0
.text acfvlkjc.SYS 8FA02000 22 Bytes [82, 73, 3D, 82, 6C, 72, 3D, ...]
.text acfvlkjc.SYS 8FA02017 45 Bytes [00, 32, 17, 7A, 80, 3D, 15, ...]
.text acfvlkjc.SYS 8FA02045 37 Bytes [DA, 0B, 82, FD, 59, 05, 82, ...]
.text acfvlkjc.SYS 8FA0206B 97 Bytes [82, A0, DE, 05, 82, 98, DE, ...]
.text acfvlkjc.SYS 8FA020CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806976D6] \SystemRoot\System32\Drivers\spix.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80697042] \SystemRoot\System32\Drivers\spix.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80697800] \SystemRoot\System32\Drivers\spix.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806970C0] \SystemRoot\System32\Drivers\spix.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069713E] \SystemRoot\System32\Drivers\spix.sys
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortWritePortUchar] 838FA27F
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8FA250
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\acfvlkjc.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00280002
IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00280000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859021F8

AttachedDevice \FileSystem\Ntfs \Ntfs crpf.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)

Device \Driver\volmgr \Device\VolMgrControl 84F691F8
Device \Driver\usbuhci \Device\USBPDO-0 86B46500
Device \Driver\usbuhci \Device\USBPDO-1 86B46500
Device \Driver\usbuhci \Device\USBPDO-2 86B46500
Device \Driver\usbehci \Device\USBPDO-3 86B621F8
Device \Driver\usbuhci \Device\USBPDO-4 86B46500
Device \Driver\netbt \Device\NetBT_Tcpip_{C7E5E807-CA74-4E38-B983-0F3ABE4CE983} 8800E1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 86B46500
Device \Driver\usbuhci \Device\USBPDO-6 86B46500
Device \Driver\volmgr \Device\HarddiskVolume1 84F691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86B621F8
Device \Driver\cdrom \Device\CdRom0 86C83500
Device \Driver\volmgr \Device\HarddiskVolume2 84F691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86C83500
Device \Driver\volmgr \Device\HarddiskVolume3 84F691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 859011F8
Device \Driver\atapi \Device\Ide\IdePort0 859011F8
Device \Driver\atapi \Device\Ide\IdePort1 859011F8
Device \Driver\atapi \Device\Ide\IdePort2 859011F8
Device \Driver\atapi \Device\Ide\IdePort3 859011F8
Device \Driver\atapi \Device\Ide\IdePort4 859011F8
Device \Driver\atapi \Device\Ide\IdePort5 859011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 859011F8
Device \Driver\netbt \Device\NetBT_Tcpip_{917843CC-0E23-41D0-9EDB-28CAF67CB370} 8800E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8800E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C6B9B01E-964F-4DEA-91F1-C63670763BFB} 8800E1F8
Device \Driver\Smb \Device\NetbiosSmb 87FCD1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{BA4850BD-98DE-47F3-ABF4-D69C6CEC18DE} 8800E1F8
Device \Driver\sptd \Device\459693245 spix.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86C4E1F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP7229 \Device\000000d4 spix.sys
Device \Driver\usbuhci \Device\USBFDO-0 86B46500
Device \Driver\usbuhci \Device\USBFDO-1 86B46500
Device \Driver\usbuhci \Device\USBFDO-2 86B46500
Device \Driver\usbehci \Device\USBFDO-3 86B621F8
Device \Driver\usbuhci \Device\USBFDO-4 86B46500
Device \Driver\usbuhci \Device\USBFDO-5 86B46500
Device \Driver\usbuhci \Device\USBFDO-6 86B46500
Device \Driver\usbehci \Device\USBFDO-7 86B621F8
Device \Driver\acfvlkjc \Device\Scsi\acfvlkjc1Port7Path0Target0Lun0 86DD9500
Device \Driver\acfvlkjc \Device\Scsi\acfvlkjc1 86DD9500
Device \FileSystem\cdfs \Cdfs 86A581F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0x00 0x52 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x45 0x59 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xD0 0x11 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0x00 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x45 0x59 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xD0 0x11 0x3F ...

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 09:27:44
Windows 6.0.6002 Service Pack 2
Running: qj80bf3r.exe; Driver: C:\Users\Dusko\AppData\Local\Temp\pgldapow.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\System32\Drivers\spix.sys 80695000-80796000 (1052672 bytes)
Module \SystemRoot\System32\drivers\crpf.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) 82704000-82710000 (49152 bytes)
Module \SystemRoot\System32\drivers\csdf.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) 82710000-8271D000 (53248 bytes)
Module \SystemRoot\system32\speedfan.sys (SpeedFan Device Driver/Windows (R) 2000 DDK provider) 8B354000-8B356000 (8192 bytes)
Module \SystemRoot\system32\giveio.sys 8B365000-8B366000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 190.38 /NVIDIA Corporation) 8EE02000-8F720000 (9560064 bytes)
Module \SystemRoot\system32\DRIVERS\nvBridge.kmd (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 190.38 /NVIDIA Corporation) 8F720000-8F722000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlh86.sys (Realtek 8101E/8168/8169 NDIS6 32-bit Driver /Realtek Corporation ) 8F7E7000-8F7FF000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\netr61.sys (Ralink 802.11 Wireless Adapter Driver/Ralink Technology, Corp.) 8B196000-8B1EF000 (364544 bytes)
Module \SystemRoot\system32\drivers\InCDPass.sys (Ahead RW Filter Driver/Nero AG) 827E2000-827EA000 (32768 bytes)
Module \SystemRoot\system32\drivers\InCDRm.sys (Nero MRW Filter Driver/Nero AG) 827EA000-827F3000 (36864 bytes)
Module \SystemRoot\system32\drivers\WmBEnum.sys (Logitech WingMan Virtual Bus Enumerator Driver/Logitech Inc.) 8FC2C000-8FC30000 (16384 bytes)
Module \SystemRoot\system32\drivers\WmXlCore.sys (Logitech WingMan Translation Driver/Logitech Inc.) 8FC30000-8FC3B000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8FC3B000-8FC45000 (40960 bytes)
Module \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) 8FE0A000-900A7000 (2740224 bytes)
Module \SystemRoot\system32\DRIVERS\snpstd3.sys (USB PC Camera driver/Sonix Co. Ltd.) 91209000-91BEF000 (10379264 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 901B0000-901B8000 (32768 bytes)
Module \SystemRoot\system32\drivers\InCDRec.sys (InCD File System Recognizer/Nero AG) 901B8000-901BB000 (12288 bytes)
Module \SystemRoot\system32\drivers\InCDFs.sys (InCD File System Driver/Nero AG) 901BB000-901D7000 (114688 bytes)
Module \SystemRoot\System32\Drivers\aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) 8FCC2000-8FCCD000 (45056 bytes)
Module \SystemRoot\System32\Drivers\aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) 901F9000-901FD000 (16384 bytes)
Module \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) 91C80000-91CA1000 (135168 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 98300000-98309000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista/ALWIL Software) 91D1C000-91D33000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) 91D33000-91D3B000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) A348E000-A34A7000 (102400 bytes)
Module \SystemRoot\System32\Drivers\TBPanel.SYS (Display Control Program/Windows (R) 2000 DDK provider) A35A6000-A35A8000 (8192 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) A5EE5000-A5EEF000 (40960 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) 98330000-9837C000 (311296 bytes)
Module \??\C:\Users\Dusko\AppData\Local\Temp\pgldapow.sys (GMER) A5F7E000-A5F94000 (90112 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\FixCamera.exe 208
Library C:\Windows\FixCamera.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\vsnpstd3.exe 212
Library C:\Windows\vsnpstd3.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\tsnpstd3.exe 252
Library C:\Windows\tsnpstd3.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech WingMan Event Monitor/Logitech Inc.) 276
Library C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech WingMan Event Monitor/Logitech Inc.) 0x00400000
Library C:\Program Files\Logitech\Gaming Software\LWUtils.dll (Logitech WingMan Utilities/Logitech Inc.) 0x10000000
Library C:\Program Files\Logitech\Gaming Software\LWGStore.dll (Logitech WingMan Gamestore/Logitech Inc.) 0x00150000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Common Files\Logitech\Gaming Software\LWComCtl.dll (Logitech WingMan Common Controls/Logitech Inc.) 0x01980000
Library C:\Program Files\Logitech\Gaming Software\LWPrfRC.dll (Logitech WingMan Profiler Resources/Logitech Inc.) 0x01C40000

Process C:\Program Files\DAEMON Tools Lite\daemon.exe (DAEMON Tools Lite/DT Soft Ltd) 304
Library C:\Program Files\DAEMON Tools Lite\daemon.exe (DAEMON Tools Lite/DT Soft Ltd) 0x00400000
Library C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll (DAEMON Tools Common resources/DT Soft Ltd) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd) 0x02C00000
Library C:\Program Files\DAEMON Tools Lite\imgengine.dll (Image engine library/DT Soft Ltd.) 0x01FE0000

Process C:\Program Files\Windows Sidebar\sidebar.exe (Windows Sidebar/Microsoft Corporation) 312
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74FD0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\EXPERTool\TBPANEL.exe (EXPERTool : Display Control Panel/Gainward Co.) 328
Library C:\Program Files\EXPERTool\TBPANEL.exe (EXPERTool : Display Control Panel/Gainward Co.) 0x00400000
Library C:\Program Files\EXPERTool\TBManage.dll 0x1C000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\NvCpl.dll (NVIDIA Display Properties Extension/NVIDIA Corporation) 0x10000000
Library C:\Windows\system32\nvapi.dll (NVIDIA NVAPI Library, Version 190.38 /NVIDIA Corporation) 0x01E80000
Library C:\Program Files\EXPERTool\GwLib.DLL (GWLIB/Gainward) 0x003E0000

Process C:\Program Files\uTorrent\uTorrent.exe (µTorrent/BitTorrent, Inc.) 332
Library C:\Program Files\uTorrent\uTorrent.exe (µTorrent/BitTorrent, Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) 404
Library C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) 0x00400000
Library C:\Program Files\Common Files\LightScribe\QtCore4.dll 0x67000000
Library C:\Program Files\Common Files\LightScribe\QtGui4.dll 0x65000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 0x10000000

Process C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia Launch Application/Nokia) 484
Library C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia Launch Application/Nokia) 0x00400000
Library C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll 0x67000000
Library C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll 0x65000000
Library C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll 0x61000000
Library C:\Program Files\Nokia\Nokia PC Suite 7\CDC.dll (CDC/Nokia) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Nokia\Nokia PC Suite 7\PCSL.dll (PCSL/Nokia) 0x01A70000
Library C:\Program Files\PC Connectivity Solution\ConnAPI.dll (Nokia Connectivity API/Nokia.) 0x02600000
Library C:\Program Files\PC Connectivity Solution\DAAPI.dll (Data Access API/Nokia) 0x02AB0000
Library C:\Program Files\PC Connectivity Solution\PCCS_ABAPI.dll (Abstraction API/Nokia) 0x01BC0000
Library C:\Program Files\Nokia\Nokia PC Suite 7\styles\NGLStyle.dll (Launch Application Style plugin/Nokia) 0x03230000
Library C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll 0x01D40000
Library C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll 0x01C20000
Library C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll 0x66000000
Library C:\Program Files\PC Connectivity Solution\ConfServer.dll (Configuration Server Module/Nokia) 0x01E00000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Program Files\PC Connectivity Solution\NclFT.dll (Nokia File Transfer service/Nokia) 0x03C70000

Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation) 504
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74FD0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x73F80000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Windows\system32\nvapi.dll (NVIDIA NVAPI Library, Version 190.38 /NVIDIA Corporation) 0x06400000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 528
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Skype\Phone\Skype.exe (Skype /Skype Technologies S.A.) 576
Library C:\Program Files\Skype\Phone\Skype.exe (Skype /Skype Technologies S.A.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msimg32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74FD0000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x73F80000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 580
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 592
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 624
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 640
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 648
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 784
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 816
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\uxtuneup.dll (TuneUp Theme Extension/TuneUp Software) 0x55580000

Process C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 190.38/NVIDIA Corporation) 884
Library C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 190.38/NVIDIA Corporation) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 912
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000

Process C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 1004
Library C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 0x00400000
Library C:\Program Files\PC Connectivity Solution\PCCS_DBEngine.dll (Database Engine/Nokia) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\PC Connectivity Solution\NclCapability.dll (NclCapability service/Nokia) 0x030F0000
Library C:\Program Files\PC Connectivity Solution\NOX.dll (Nokia OBEX Module/Nokia) 0x03120000
Library C:\Program Files\PC Connectivity Solution\NclTools.dll (NCL Tools/Nokia) 0x03180000
Library C:\Program Files\PC Connectivity Solution\ConfServer.dll (Configuration Server Module/Nokia) 0x03920000
Library C:\Program Files\PC Connectivity Solution\NclFT.dll (Nokia File Transfer service/Nokia) 0x031E0000
Library C:\Program Files\PC Connectivity Solution\NclDS.dll (Nokia Data Service/Nokia) 0x03230000
Library C:\Program Files\PC Connectivity Solution\NclLcif.dll (NclLcif Module/Nokia) 0x03270000
Library C:\Program Files\PC Connectivity Solution\NclPhonet.dll (NclPhonet Module/Nokia.) 0x032B0000
Library C:\Program Files\PC Connectivity Solution\NclPIMAccess.dll (Nokia PIM Access Service/Nokia) 0x04700000
Library C:\Program Files\PC Connectivity Solution\NclSyncHandler.DLL (Nokia Sync Handler/Nokia.) 0x03440000
Library C:\Program Files\PC Connectivity Solution\VersitConverter.dll (Versit Converter/Nokia) 0x057C0000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1020
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Windows\system32\RtkAPO.dll (Realtek(r) LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x73B00000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1048
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\l2gpstore.dll (Policy Storage dll/Microsoft Corporation) 0x73A70000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Windows\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x6EA10000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1060
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\uxtuneup.dll (TuneUp Theme Extension/TuneUp Software) 0x55580000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x6EA10000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x6CD90000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74FD0000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x6FD40000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6CA40000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1132
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\RtkAPO.dll (Realtek(r) LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x73B00000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1196
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) 1244
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1260
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6CA40000
Library c:\windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x71FD0000

Process C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service/ALWIL Software) 1328
Library C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service/ALWIL Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\Program Files\Alwil Software\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
Library C:\Program Files\Alwil Software\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
Library C:\Program Files\Alwil Software\Avast4\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/ALWIL Software) 0x65000000
Library C:\Program Files\Alwil Software\Avast4\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/ALWIL Software) 0x65100000
Library C:\Program Files\Alwil Software\Avast4\AhResMai.dll (avast! e-Mail Scanner AAVM Provider Library/ALWIL Software) 0x65380000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Alwil Software\Avast4\English\Base.dll (avast! English Basic Module/ALWIL Software) 0x66080000
Library C:\Program Files\Alwil Software\Avast4\aswEngin.dll (High level antivirus engine/ALWIL Software) 0x64280000
Library C:\Program Files\Alwil Software\Avast4\aswScan.dll (Low level antivirus engine/ALWIL Software) 0x64200000
Library C:\Program Files\Alwil Software\Avast4\English\Lang.dll (avast! Main English Module/ALWIL Software) 0x66100000
Library C:\Program Files\Alwil Software\Avast4\English\langmai.dll (English language DLL for avast! e-Mail Scanner/ALWIL Software) 0x66500000

Process C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner/ALWIL Software) 1424
Library C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner/ALWIL Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\Program Files\Alwil Software\Avast4\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/ALWIL Software) 0x65000000
Library C:\Program Files\Alwil Software\Avast4\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/ALWIL Software) 0x65100000
Library C:\Program Files\Alwil Software\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
Library C:\Program Files\Alwil Software\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Alwil Software\Avast4\English\Base.dll (avast! English Basic Module/ALWIL Software) 0x66080000
Library C:\Program Files\Alwil Software\Avast4\aswEngin.dll (High level antivirus engine/ALWIL Software) 0x64280000
Library C:\Program Files\Alwil Software\Avast4\aswScan.dll (Low level antivirus engine/ALWIL Software) 0x64200000
Library C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll (avast! Web Shield Filter Module/ALWIL Software) 0x68300000
Library C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll (avast! HTTP Scanner AAVM Provider Library/ALWIL Software) 0x65A00000

Process C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 190.38/NVIDIA Corporation) 1464
Library C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 190.38/NVIDIA Corporation) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\NVSVC.DLL (NVIDIA Driver Helper Service, Version 190.38/NVIDIA Corporation) 0x10000000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74FD0000
Library C:\Windows\system32\nvapi.dll (NVIDIA NVAPI Library, Version 190.38 /NVIDIA Corporation) 0x01400000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1476
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x6CD90000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75520000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x6EA10000
Library C:\Windows\system32\ndptsp.tsp (NDIS Proxy TAPI Service Provider/Microsoft Corporation) 0x6C4A0000

Process C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 1688
Library C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) 1704
Library C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
Library C:\Program Files\Alwil Software\Avast4\aswEngin.dll (High level antivirus engine/ALWIL Software) 0x64280000
Library C:\Program Files\Alwil Software\Avast4\aswScan.dll (Low level antivirus engine/ALWIL Software) 0x64200000
Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
Library C:\Program Files\Alwil Software\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
Library C:\Program Files\Alwil Software\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
Library C:\Program Files\Alwil Software\Avast4\aswInteg.dll (Integrity checking implementation/ALWIL Software) 0x64400000
Library C:\Program Files\Alwil Software\Avast4\aswIdle.dll (avast! Idle Hook Library/ALWIL Software) 0x64A00000
Library C:\Program Files\A

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download The Avenger to your Desktop.
Extract the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the (white) program window:

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | run32

Folders to delete:
C:\Win


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases: twice) and the cleaning/scanning process will begin.

When the process is finished, the log file C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum thread.

-----------------------------

- Download USBNoRisk to your Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition label when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Win" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|run32"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|run32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists:
  click Yes if you are offered the download.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes to let the process continue.
- if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
- show a number of prompts/notifications:
  accept by clicking Yes or OK.
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

You did not follow the instructions from the previous post; I mean the UsbNoRisk program.
Please do that as well and post the log for me.

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

It did not restart the computer after ComboFix finished, so I restarted it manually myself!

ComboFix 09-10-28.08 - Dusko 30.10.2009 18:44.2.2 - NTFSx86
Running from: c:\users\Dusko\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 17:48 . 2009-10-30 17:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-30 17:48 . 2009-10-30 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-30 17:44 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-26 09:45 . 2009-10-26 09:45 -------- d-----w- c:\users\Dusko\AppData\Roaming\Malwarebytes
2009-10-26 09:45 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 09:45 . 2009-10-26 09:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 09:45 . 2009-10-26 09:45 -------- d-----w- c:\programdata\Malwarebytes
2009-10-26 09:45 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 07:58 . 2009-10-26 07:58 -------- d-----w- c:\users\Dusko\AppData\Local\Aspyr
2009-10-26 07:47 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-10-26 07:47 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-25 16:53 . 2009-10-25 16:53 -------- d-----w- c:\program files\Lavalys
2009-10-23 18:12 . 2009-10-23 18:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-23 18:07 . 2009-10-23 18:07 -------- d-----w- c:\programdata\KONAMI
2009-10-23 17:59 . 2009-10-23 17:59 -------- d-----w- c:\program files\KONAMI
2009-10-21 20:05 . 2009-10-21 20:05 -------- d-----w- c:\users\Dusko\AppData\Local\ACD Systems
2009-10-21 20:05 . 2009-10-21 20:05 -------- d-----w- c:\users\Dusko\AppData\Roaming\ACD Systems
2009-10-21 20:03 . 2009-10-21 20:03 -------- d-----w- c:\programdata\ACD Systems
2009-10-21 20:03 . 2009-10-21 20:03 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-10-21 20:03 . 2009-10-21 20:03 -------- d-----w- c:\program files\ACD Systems
2009-10-21 20:02 . 2009-10-21 20:02 -------- d-----w- c:\users\Dusko\AppData\Local\Downloaded Installations
2009-10-21 19:34 . 2009-10-21 19:34 -------- d-----w- c:\program files\Microsoft.NET
2009-10-21 19:34 . 2009-10-21 19:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-21 19:30 . 2009-10-21 19:30 -------- d-----r- C:\MSOCache
2009-10-21 18:59 . 2009-10-28 08:18 -------- d-----w- c:\users\Dusko\AppData\Local\WinZip
2009-10-18 16:55 . 2009-10-18 18:28 -------- d-----w- c:\program files\Willing Webcam
2009-10-18 16:55 . 2008-01-21 14:40 301696 ----a-w- c:\windows\system32\drivers\wwsplit.sys
2009-10-18 16:55 . 2007-08-26 20:03 360448 ----a-w- c:\windows\system32\midas.dll
2009-10-18 16:45 . 2009-10-18 16:45 10 ----a-w- c:\users\Dusko\AppData\Roaming\sysFiles00.dll
2009-10-18 16:43 . 2009-10-18 16:43 -------- d-----w- c:\program files\uViewIt Corporation
2009-10-18 16:23 . 2009-10-18 16:24 -------- d-----w- c:\program files\Yawcam
2009-10-18 07:26 . 2009-10-18 07:26 -------- d-----w- c:\users\Dusko\AppData\Local\Logitech
2009-10-18 07:24 . 2009-10-18 07:24 -------- d-----w- c:\program files\Logitech
2009-10-18 07:24 . 2009-10-18 07:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-17 18:51 . 2009-10-17 18:51 -------- d-----w- c:\users\Dusko\AppData\Roaming\The Creative Assembly
2009-10-14 18:11 . 2007-07-11 14:09 20480 ----a-w- c:\windows\FixCamera.exe
2009-10-14 18:11 . 2006-07-03 08:31 94208 ----a-w- c:\windows\amcap.exe
2009-10-14 18:11 . 2007-10-16 08:35 10376576 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-10-14 18:11 . 2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
2009-10-14 18:11 . 2007-04-21 07:37 270336 ----a-w- c:\windows\tsnpstd3.exe
2009-10-14 18:11 . 2009-10-14 18:11 -------- d-----w- c:\program files\Common Files\snpstd3
2009-10-14 18:11 . 2007-07-23 16:04 155648 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-10-14 18:11 . 2007-07-23 15:52 57344 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-10-14 18:11 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2009-10-14 18:11 . 2005-11-23 11:55 53248 ----a-w- c:\windows\csnpstd3.dll
2009-10-10 17:03 . 2009-10-25 19:53 -------- d-----w- c:\program files\USDownloader
2009-10-10 16:40 . 2008-03-28 08:07 20992 ----a-w- c:\users\Dusko\AppData\Roaming\Convivea\Bit_Che\languages\compare.exe
2009-10-10 16:40 . 2009-10-10 16:40 -------- d-----w- c:\program files\Bit Che
2009-10-10 16:40 . 2009-10-10 16:40 -------- d-----w- c:\users\Dusko\AppData\Roaming\Convivea
2009-10-10 16:40 . 2009-04-10 16:40 118784 ----a-w- c:\users\Dusko\AppData\Roaming\Convivea\Bit_Che\scripts\x.exe
2009-10-10 16:40 . 2008-03-28 08:02 60928 ----a-w- c:\users\Dusko\AppData\Roaming\Convivea\Bit_Che\scripts\update.exe
2009-10-10 16:40 . 2003-08-19 03:06 80896 ----a-w- c:\users\Dusko\AppData\Roaming\Convivea\Bit_Che\scripts\x.dll
2009-10-03 18:43 . 2009-10-30 17:38 -------- d-----w- c:\users\Dusko\AppData\Roaming\skypePM
2009-10-03 18:43 . 2009-10-03 18:43 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-03 18:42 . 2009-10-30 17:43 -------- d-----w- c:\users\Dusko\AppData\Roaming\Skype
2009-10-03 18:42 . 2009-10-03 18:42 -------- d-----w- c:\program files\Common Files\Skype
2009-10-03 18:42 . 2009-10-03 18:42 -------- d-----r- c:\program files\Skype
2009-10-03 18:42 . 2009-10-03 18:42 -------- d-----w- c:\programdata\Skype
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\users\Dusko\AppData\Local\CAPCOM
2009-10-03 16:47 . 2009-10-03 16:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-03 16:47 . 2009-10-03 16:47 -------- d-----w- c:\windows\system32\xlive
2009-10-03 11:16 . 2009-10-03 11:16 -------- d-----w- C:\My Downloads
2009-10-03 11:16 . 2009-10-03 11:18 -------- d-----w- c:\program files\BearShare
2009-10-01 19:27 . 2009-10-30 17:38 -------- d-----w- c:\users\Dusko\Tracing
2009-10-01 18:23 . 2009-10-01 18:23 -------- d-----w- c:\program files\Microsoft
2009-10-01 18:23 . 2009-10-01 18:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-01 18:22 . 2009-10-01 18:23 -------- d-----w- c:\program files\Windows Live
2009-10-01 18:22 . 2009-10-01 18:22 -------- d-----w- c:\windows\PCHEALTH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 17:43 . 2009-08-18 21:35 -------- d-----w- c:\users\Dusko\AppData\Roaming\uTorrent
2009-10-30 17:39 . 2009-08-18 21:39 -------- d-----w- c:\users\Dusko\AppData\Roaming\Orbit
2009-10-30 17:38 . 2009-08-18 16:35 32879 ----a-w- c:\programdata\nvModes.dat
2009-10-30 17:38 . 2009-08-18 16:34 -------- d-----w- c:\programdata\NVIDIA
2009-10-29 08:32 . 2009-10-29 08:19 -------- d-----w- c:\program files\Game Graphic Studio
2009-10-26 06:53 . 2009-08-20 15:08 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-10-26 06:53 . 2009-08-20 15:07 17488 ----a-w- c:\windows\gdrv.sys
2009-10-22 11:40 . 2009-08-18 16:24 78440 ----a-w- c:\users\Dusko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-21 19:51 . 2009-08-19 13:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 18:59 . 2009-08-18 21:48 -------- d-----w- c:\programdata\WinZip
2009-10-19 19:31 . 2009-08-18 16:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-18 16:43 . 2009-08-18 16:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 08:43 . 2009-08-18 21:47 -------- d-----w- c:\program files\SpeedFan
2009-09-27 19:18 . 2009-09-27 19:17 -------- d-----w- c:\program files\Santa Claus in trouble ...again! - Demo
2009-09-20 07:45 . 2009-09-20 07:45 -------- d-----w- c:\program files\NIXart
2009-09-19 18:17 . 2009-08-21 16:33 -------- d-----w- c:\users\Dusko\AppData\Roaming\PC Suite
2009-09-19 14:16 . 2009-09-19 14:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 14:16 . 2009-09-19 14:16 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-----w- c:\users\Dusko\AppData\Roaming\TuneUp Software
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-----w- c:\programdata\TuneUp Software
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-19 09:16 . 2009-09-19 09:16 -------- d-----w- c:\program files\YouTube Downloader
2009-09-16 18:28 . 2009-08-21 16:33 -------- d-----w- c:\users\Dusko\AppData\Roaming\Nokia
2009-09-15 19:35 . 2009-09-15 19:35 -------- d-----w- c:\program files\NSS
2009-09-15 13:11 . 2009-09-15 13:10 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-15 11:59 . 2009-08-18 16:45 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:55 . 2009-08-18 16:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-08-18 16:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:55 . 2009-08-18 16:45 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 11:54 . 2009-08-18 16:46 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-08-18 16:46 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-08-18 16:46 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 17:17 . 2009-09-07 17:16 -------- d-----w- c:\users\Dusko\AppData\Roaming\Ahead
2009-09-07 17:16 . 2009-09-07 17:16 -------- d-----w- c:\programdata\LightScribe
2009-09-07 17:16 . 2009-09-07 17:16 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-07 17:14 . 2009-09-07 17:14 -------- d-----w- c:\programdata\Ahead
2009-09-07 17:13 . 2009-09-07 17:12 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-07 17:12 . 2009-08-19 12:58 -------- d-----w- c:\program files\Nero
2009-09-07 17:12 . 2009-08-19 12:58 -------- d-----w- c:\programdata\Nero
2009-09-04 16:53 . 2009-09-04 16:53 -------- d-----w- c:\program files\CDBurnerXP
2009-09-04 13:22 . 2009-09-04 13:22 -------- d-----w- c:\users\Dusko\AppData\Roaming\Auslogics
2009-08-29 00:27 . 2009-09-02 11:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 11:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-20 15:18 . 2009-08-20 15:09 17488 ----a-w- c:\windows\etdrv.sys
2009-08-19 15:37 . 2009-08-19 15:37 170496 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\wlan4.dll
2009-08-19 15:37 . 2009-08-19 15:37 10752 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\system.dll
2009-08-19 15:37 . 2009-08-19 15:37 91136 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\secure.dll
2009-08-19 15:37 . 2009-08-19 15:37 97280 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\roting2.dll
2009-08-19 15:37 . 2009-08-19 15:37 95744 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\ppp.dll
2009-08-19 15:37 . 2009-08-19 15:37 71168 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\pim.dll
2009-08-19 15:37 . 2009-08-19 15:37 66560 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\mpls.dll
2009-08-19 15:37 . 2009-08-19 15:37 69120 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\dhcp.dll
2009-08-19 15:37 . 2009-08-19 15:37 69632 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\advtool.dll
2009-08-19 15:37 . 2009-08-19 15:37 1484800 ----a-w- c:\users\Dusko\AppData\Roaming\Mikrotik\Winbox\3.23-43329250\roteros.dll
2009-08-19 15:13 . 2009-08-19 15:13 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-08-19 13:00 . 2009-08-19 13:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-18 21:40 . 2009-08-18 21:41 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-03 289072]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-05-12 2181672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"ReConnect"="c:\users\Dusko\Desktop\ReConnect.exe" [2007-03-19 225792]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"ReConnect"="c:\users\Dusko\Desktop\ReConnect.exe" [2007-03-19 225792]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6e,b6,3d,95,61,22,ca,01

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [x]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [2009-02-22 7168]
R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-26 12672]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2009-08-20 17488]
R3 gggen;Generic USB Flash Driver;c:\windows\system32\DRIVERS\gggen.sys [2006-09-28 11648]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2009-10-26 24944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S0 crpf;crpf;c:\windows\System32\drivers\crpf.sys [2009-04-30 37920]
S0 csdf;cdsf;c:\windows\System32\drivers\csdf.sys [2009-04-30 40480]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-09-19 604488]
S3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2009-06-10 335872]


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {C7E5E807-CA74-4E38-B983-0F3ABE4CE983} = 79.101.46.2 79.101.46.3
FF - ProfilePath - c:\users\Dusko\AppData\Roaming\Mozilla\Firefox\Profiles\tll1uzzt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 18:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3864106910-822230631-1102338558-1000)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3864106910-822230631-1102338558-1000)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-30 18:50
ComboFix-quarantined-files.txt 2009-10-30 17:50
ComboFix2.txt 2009-10-26 10:40

Pre-Run: 10.152.353.792 bytes free
Post-Run: 9.901.490.176 bytes free

- - End Of File - - 90425AFFF80BB8A3DC40E66AB8CE48F2

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text:

RegLock::
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
[HKEY_USERS\S-1-5-21-3864106910-822230631-1102338558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.


When you finish this procedure, do the following:

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB port and keep each one plugged in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition designation when connected to a computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Duško Ljepić
  • Joined: 19 Jul 2008
  • Posts: 221
  • Location: Apatin

In the meantime I wiped the system and installed Win 7, thanks a lot for the help!
