lsass.exe

  • Joined: 11 Sep 2007
  • Posts: 3271

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:35, on 1.6.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
c:\Win\lsass.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Zarko\Desktop\HiJackThis folder\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: desktop.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{62DEC95B-3E84-46DF-943D-B571E15D2E11}: NameServer = 62.240.12.1 62.240.12.2
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6318 bytes

What should I do? :)

  • diarno Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote:
What should I do?

Just sit back in your armchair and enjoy :D

Download sUBs's ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!

  • Right-click one of the links and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:

  • close all running programs;
  • deactivate your protection software (instructions);
  • double-click to run ComboFix.

While running, ComboFix will:

  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:

  • right-click inside the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:

  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If you notice after sending the message that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 11 Sep 2007
  • Posts: 3271

Posted: 01 Jun 2009 22:18

ComboFix 09-05-31.06 - Zarko 01.06.2009 20:57.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.381.1033.18.3326.2217 [GMT 2:00]
Running from: c:\users\Zarko\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\win\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 19:00 . 2009-06-01 19:00 -------- d-----w- c:\users\Zarko\AppData\Local\temp
2009-06-01 13:33 . 2009-06-01 13:44 -------- d-----w- c:\users\Zarko\AppData\Roaming\Apple Computer
2009-06-01 13:33 . 2009-06-01 13:33 -------- d-----w- c:\users\Zarko\AppData\Local\Apple Computer
2009-06-01 13:32 . 2009-06-01 13:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 13:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 13:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iPod
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iTunes
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\Bonjour
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\QuickTime
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\programdata\Apple Computer
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\users\Zarko\AppData\Local\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\programdata\Apple
2009-05-31 17:43 . 2008-12-19 13:35 228692 ----a-w- c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
2009-05-31 17:43 . 2009-06-01 18:57 -------- d-sh--r- C:\Win
2009-05-29 12:11 . 2009-05-29 12:11 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Acronis
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-29 11:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 23:46 . 2009-05-28 23:47 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Games
2009-05-28 23:46 . 2009-05-28 23:46 -------- d-----w- c:\users\Zarko\AppData\Local\Scansoft
2009-05-28 23:36 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-28 23:36 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-28 22:12 . 2009-05-28 22:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:47 . 2009-05-28 19:47 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-28 19:45 . 2009-05-28 19:49 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-05-28 19:42 . 2008-05-16 03:51 -------- d-----w- C:\FR90PE_VOL
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\InstallShield
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\users\Zarko\AppData\Roaming\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-28 11:03 . 2009-05-28 11:03 -------- d-----w- c:\program files\ScanSoft
2009-05-27 23:54 . 2009-05-27 23:55 -------- d-----w- c:\windows\system32\ca-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\eu-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\vi-VN
2009-05-27 23:52 . 2009-05-27 23:52 -------- d-----w- c:\windows\system32\SPReview
2009-05-27 23:44 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-05-27 23:42 . 2009-04-10 21:28 469504 ----a-w- c:\windows\system32\newdev.dll
2009-05-27 23:40 . 2009-05-27 23:40 -------- d-----w- c:\windows\system32\EventProviders
2009-05-27 20:10 . 2009-05-28 22:13 -------- d-----w- c:\users\Zarko\AppData\Local\Adobe
2009-05-27 20:06 . 2009-05-27 20:06 -------- d-----w- c:\users\Zarko\AppData\Roaming\ABBYY
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\users\Zarko\AppData\Local\Apps
2009-05-27 19:04 . 2009-05-28 19:45 -------- d-----w- c:\users\Zarko\AppData\Local\ABBYY
2009-05-27 19:04 . 2009-05-27 20:07 -------- d-----w- c:\programdata\ABBYY
2009-05-27 19:01 . 2009-05-27 19:02 -------- d-----w- c:\temp\FR90PE
2009-05-27 19:01 . 2009-05-27 19:01 -------- d-----w- C:\temp
2009-05-27 17:24 . 2009-05-27 23:40 -------- d-----w- C:\Downloads
2009-05-27 17:24 . 2009-05-27 17:24 -------- d-----w- c:\users\Zarko\AppData\Roaming\FlashGet
2009-05-27 17:23 . 2009-05-27 17:24 -------- d-----w- c:\program files\FlashGet
2009-05-27 17:20 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Roaming\Ahead
2009-05-27 17:14 . 2009-05-27 17:16 -------- d-----w- c:\users\Zarko\AppData\Roaming\Canon
2009-05-26 08:55 . 2009-05-26 08:19 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-05-26 02:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-26 02:54 . 2009-05-26 02:54 -------- d-----w- c:\program files\MSXML 4.0
2009-05-26 00:57 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-26 00:26 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-26 00:26 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-26 00:26 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-26 00:26 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-26 00:26 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-26 00:26 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-26 00:26 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-26 00:26 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-26 00:26 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-25 23:43 . 2009-05-25 23:43 -------- d-----w- c:\users\Zarko\AppData\Local\BuildAGadget Content
2009-05-25 23:41 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Local\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\programdata\Nero
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Nero
2009-05-25 23:38 . 2009-06-01 17:19 -------- d-----w- c:\users\Zarko\Tracing
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Microsoft
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w- C:\PerfLogs
2009-05-25 22:49 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-05-25 22:49 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-05-25 22:49 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-05-25 22:47 . 2008-01-18 21:33 88064 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-05-25 22:30 . 2009-05-25 22:30 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Help
2009-05-25 22:30 . 2009-05-27 21:50 -------- d-----w- c:\programdata\Microsoft Help
2009-05-25 21:36 . 2009-05-25 21:36 -------- d-----w- c:\windows\PCHEALTH
2009-05-25 18:57 . 2009-05-25 09:02 -------- d-----w- c:\windows\Panther
2009-05-25 18:56 . 2009-05-28 00:00 -------- d-sh--w- C:\Boot
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w- c:\users\Zarko\AppData\Roaming\Media Player Classic
2009-05-25 16:20 . 2009-05-25 16:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:16 . 2009-05-25 16:16 -------- d-----w- c:\program files\Canon
2009-05-25 16:15 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2009-05-25 16:14 . 2009-05-25 16:14 -------- d--h--w- C:\CanoScan
2009-05-25 16:14 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\CCleaner
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\Defraggler
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\users\Zarko\AppData\Local\Mozilla
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\windows\system32\Macromed
2009-05-25 16:04 . 2009-05-25 16:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 16:04 . 2009-05-25 16:04 -------- d-----w- c:\program files\Java
2009-05-25 16:02 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-25 16:02 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Real Alternative
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\users\Zarko\AppData\Local\Real
2009-05-25 16:01 . 2009-05-25 16:01 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Local\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Roaming\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-25 15:57 . 2009-05-27 14:08 -------- d-----w- c:\users\Zarko\AppData\Roaming\Winamp
2009-05-25 15:57 . 2009-05-25 15:58 -------- d-----w- c:\program files\Winamp
2009-05-25 15:55 . 2009-05-25 15:55 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 15:42 . 2007-07-23 01:41 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-25 15:42 . 2007-07-23 01:41 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-25 15:42 . 2007-07-23 01:41 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvuninst.exe
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-25 15:40 . 2009-05-25 16:21 -------- d-----w- c:\windows\UI
2009-05-25 15:39 . 2007-06-26 06:56 2173480 ----a-w- c:\windows\TBPanel.exe
2009-05-25 15:39 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2009-05-25 15:39 . 2007-01-31 02:56 32768 ----a-w- c:\windows\TBPanelExt.dll
2009-05-25 15:39 . 2004-07-17 15:48 36864 ----a-w- c:\windows\GWLib.dll
2009-05-25 15:39 . 1998-11-17 23:27 26624 ----a-w- c:\windows\TBZoom.exe
2009-05-25 15:39 . 1998-10-31 02:55 5120 ----a-w- c:\windows\TBManage.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 12:19 . 2009-06-01 12:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-29 11:15 . 2009-05-25 09:11 74696 ----a-w- c:\users\Zarko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-28 23:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-27 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 17:20 . 2009-05-26 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-25 23:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-25 23:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-25 16:03 . 2009-05-25 16:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:36 . 2009-05-25 09:11 680 ----a-w- c:\users\Zarko\AppData\Local\d3d9caps.dat
2009-05-25 15:34 . 2009-05-25 15:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-10 21:33 . 2009-05-27 23:42 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-10 21:33 . 2009-05-27 23:42 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-10 21:33 . 2009-05-27 23:43 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-10 21:33 . 2009-05-27 23:42 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-10 21:33 . 2009-05-27 23:42 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-10 21:28 . 2009-05-27 23:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-10 21:27 . 2009-05-27 23:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-10 21:22 . 2009-05-27 23:43 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-10 21:21 . 2009-05-27 23:43 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-10 20:42 . 2009-05-27 23:43 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-10 20:03 . 2009-05-27 23:43 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 20:03 . 2009-05-27 23:43 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 19:57 . 2009-05-27 23:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-10 19:55 . 2009-05-27 23:42 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-10 19:52 . 2009-05-27 23:43 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-10 19:51 . 2009-05-27 23:43 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 19:47 . 2009-05-27 23:43 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-10 19:46 . 2009-05-27 23:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-10 19:46 . 2009-05-27 23:43 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 19:46 . 2009-05-27 23:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 19:46 . 2009-05-27 23:42 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-10 19:46 . 2009-05-27 23:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 19:46 . 2009-05-27 23:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 19:45 . 2009-05-27 23:42 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-10 19:45 . 2009-05-27 23:43 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-10 19:45 . 2009-05-27 23:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-10 19:45 . 2009-05-27 23:43 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-10 19:45 . 2009-05-27 23:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-10 19:45 . 2009-05-27 23:42 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-10 19:43 . 2009-05-27 23:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-10 19:43 . 2009-05-27 23:42 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-10 19:43 . 2009-05-27 23:43 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-10 19:43 . 2009-05-27 23:43 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-10 19:43 . 2009-05-27 23:43 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-10 19:43 . 2009-05-27 23:43 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-10 19:42 . 2009-05-27 23:42 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 19:42 . 2009-05-27 23:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-10 19:42 . 2009-05-27 23:42 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-10 19:42 . 2009-05-27 23:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-10 19:42 . 2009-05-27 23:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-10 19:42 . 2009-05-27 23:43 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 19:39 . 2009-05-27 23:42 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-10 19:39 . 2009-05-27 23:43 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-10 19:39 . 2009-05-27 23:43 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 19:38 . 2009-05-27 23:42 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-10 19:27 . 2009-05-27 23:43 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-10 19:24 . 2009-05-27 23:42 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 19:23 . 2009-05-27 23:43 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 19:23 . 2009-05-27 23:43 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-10 19:23 . 2009-05-27 23:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-10 19:22 . 2009-05-27 23:42 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-10 19:15 . 2009-05-27 23:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 19:15 . 2009-05-27 23:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-10 19:15 . 2009-05-27 23:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-10 19:14 . 2009-05-27 23:43 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-10 19:14 . 2009-05-27 23:43 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 19:14 . 2009-05-27 23:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 19:14 . 2009-05-27 23:43 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-10 19:14 . 2009-05-27 23:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 19:14 . 2009-05-27 23:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 19:14 . 2009-05-27 23:43 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-10 19:14 . 2009-05-27 23:43 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-10 19:14 . 2009-05-27 23:42 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-10 19:13 . 2009-05-27 23:43 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-10 19:13 . 2009-05-27 23:43 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-10 19:12 . 2009-05-27 23:43 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-10 17:52 . 2009-05-27 23:42 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-10 16:59 . 2009-05-27 23:42 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 16:59 . 2009-05-27 23:42 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:42 . 2009-05-27 23:43 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-29 19:42 . 2009-05-27 23:43 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-29 19:42 . 2009-05-27 23:43 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-29 19:42 . 2009-05-27 23:43 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-03-26 13:23 . 2009-03-26 13:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 13:23 . 2009-03-26 13:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-08 11:34 . 2009-05-26 08:08 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-26 08:08 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-26 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-26 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-10 21:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop.exe [2008-12-19 228692]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,a9,b1,3f,27,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3421091432-1391080257-1961547046-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57C92971-2986-4DBF-B2D6-DB0F1285B1CA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1D713C3-0C8A-472F-A0B6-DB90D63EDA7E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4306053B-B32D-444B-97D1-19A09170A7EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16D0D73E-A47D-408A-ABDB-23B9319F31FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 11:22 108289]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2.11.2006 12:25 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2.11.2006 12:25 251904]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [26.2.2007 14:03 2217416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\s4p2095y.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 21:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-01 21:01
ComboFix-quarantined-files.txt 2009-06-01 19:01

Pre-Run: 3.570.413.568 bytes free
Post-Run: 3.555.860.480 bytes free

334 --- E O F --- 2009-05-28 23:37

Addendum: 01 Jun 2009 22:19


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe

Folder::
C:\Win


Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 11 Sep 2007
  • Posts: 3271

ComboFix 09-05-31.06 - Zarko 02.06.2009 11:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.381.1033.18.3326.2128 [GMT 2:00]
Running from: c:\users\Zarko\Desktop\ComboFix.exe
Command switches used :: c:\users\Zarko\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Zarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe
C:\Win
c:\win\1.exe
c:\win\desktop.exe
c:\win\lsass.exe
c:\win\names.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 09:33 . 2009-06-02 09:33 -------- d-----w- c:\users\Zarko\AppData\Local\temp
2009-06-01 13:33 . 2009-06-01 13:44 -------- d-----w- c:\users\Zarko\AppData\Roaming\Apple Computer
2009-06-01 13:33 . 2009-06-01 13:33 -------- d-----w- c:\users\Zarko\AppData\Local\Apple Computer
2009-06-01 13:32 . 2009-06-01 13:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 13:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 13:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iPod
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\iTunes
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\Bonjour
2009-06-01 13:32 . 2009-06-01 13:32 -------- d-----w- c:\program files\QuickTime
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\programdata\Apple Computer
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\users\Zarko\AppData\Local\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 13:31 . 2009-06-01 13:31 -------- d-----w- c:\programdata\Apple
2009-05-29 12:11 . 2009-05-29 12:11 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Acronis
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-29 11:10 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-29 11:09 . 2009-05-29 11:09 -------- d-----w- c:\program files\Microsoft.NET
2009-05-28 23:46 . 2009-05-28 23:47 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Games
2009-05-28 23:46 . 2009-05-28 23:46 -------- d-----w- c:\users\Zarko\AppData\Local\Scansoft
2009-05-28 23:36 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-28 23:36 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-28 22:12 . 2009-05-28 22:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:47 . 2009-05-28 19:47 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-28 19:45 . 2009-05-28 19:49 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-05-28 19:42 . 2008-05-16 03:51 -------- d-----w- C:\FR90PE_VOL
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\InstallShield
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\users\Zarko\AppData\Roaming\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\programdata\ScanSoft
2009-05-28 11:04 . 2009-05-28 11:04 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-28 11:03 . 2009-05-28 11:03 -------- d-----w- c:\program files\ScanSoft
2009-05-27 23:54 . 2009-05-27 23:55 -------- d-----w- c:\windows\system32\ca-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\eu-ES
2009-05-27 23:54 . 2009-05-27 23:54 -------- d-----w- c:\windows\system32\vi-VN
2009-05-27 23:52 . 2009-05-27 23:52 -------- d-----w- c:\windows\system32\SPReview
2009-05-27 23:44 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-05-27 23:42 . 2009-04-10 21:28 469504 ----a-w- c:\windows\system32\newdev.dll
2009-05-27 23:40 . 2009-05-27 23:40 -------- d-----w- c:\windows\system32\EventProviders
2009-05-27 20:10 . 2009-05-28 22:13 -------- d-----w- c:\users\Zarko\AppData\Local\Adobe
2009-05-27 20:06 . 2009-05-27 20:06 -------- d-----w- c:\users\Zarko\AppData\Roaming\ABBYY
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\users\Zarko\AppData\Local\Apps
2009-05-27 19:04 . 2009-05-28 19:45 -------- d-----w- c:\users\Zarko\AppData\Local\ABBYY
2009-05-27 19:04 . 2009-05-27 20:07 -------- d-----w- c:\programdata\ABBYY
2009-05-27 19:01 . 2009-05-27 19:02 -------- d-----w- c:\temp\FR90PE
2009-05-27 19:01 . 2009-05-27 19:01 -------- d-----w- C:\temp
2009-05-27 17:24 . 2009-05-27 23:40 -------- d-----w- C:\Downloads
2009-05-27 17:24 . 2009-05-27 17:24 -------- d-----w- c:\users\Zarko\AppData\Roaming\FlashGet
2009-05-27 17:23 . 2009-05-27 17:24 -------- d-----w- c:\program files\FlashGet
2009-05-27 17:20 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Roaming\Ahead
2009-05-27 17:14 . 2009-05-27 17:16 -------- d-----w- c:\users\Zarko\AppData\Roaming\Canon
2009-05-26 08:55 . 2009-05-26 08:19 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-05-26 02:57 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-26 02:54 . 2009-05-26 02:54 -------- d-----w- c:\program files\MSXML 4.0
2009-05-26 00:57 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-26 00:26 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-26 00:26 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-26 00:26 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-26 00:26 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-26 00:26 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-26 00:26 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-26 00:26 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-26 00:26 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-26 00:26 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-25 23:43 . 2009-05-25 23:43 -------- d-----w- c:\users\Zarko\AppData\Local\BuildAGadget Content
2009-05-25 23:41 . 2009-05-27 17:20 -------- d-----w- c:\users\Zarko\AppData\Local\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\programdata\Nero
2009-05-25 23:40 . 2009-05-25 23:40 -------- d-----w- c:\program files\Nero
2009-05-25 23:38 . 2009-06-02 06:26 -------- d-----w- c:\users\Zarko\Tracing
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Microsoft
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-25 23:37 . 2009-05-25 23:37 -------- d-----w- c:\program files\Windows Live
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w- C:\PerfLogs
2009-05-25 22:49 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-05-25 22:49 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-05-25 22:49 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-05-25 22:47 . 2008-01-18 21:33 88064 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-05-25 22:30 . 2009-05-25 22:30 -------- d-----w- c:\users\Zarko\AppData\Local\Microsoft Help
2009-05-25 22:30 . 2009-05-27 21:50 -------- d-----w- c:\programdata\Microsoft Help
2009-05-25 21:36 . 2009-05-25 21:36 -------- d-----w- c:\windows\PCHEALTH
2009-05-25 18:57 . 2009-05-25 09:02 -------- d-----w- c:\windows\Panther
2009-05-25 18:56 . 2009-05-28 00:00 -------- d-sh--w- C:\Boot
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w- c:\users\Zarko\AppData\Roaming\Media Player Classic
2009-05-25 16:20 . 2009-05-25 16:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:16 . 2009-05-25 16:16 -------- d-----w- c:\program files\Canon
2009-05-25 16:15 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2009-05-25 16:14 . 2009-05-25 16:14 -------- d--h--w- C:\CanoScan
2009-05-25 16:14 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\CCleaner
2009-05-25 16:08 . 2009-05-25 16:08 -------- d-----w- c:\program files\Defraggler
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\users\Zarko\AppData\Local\Mozilla
2009-05-25 16:05 . 2009-05-25 16:05 -------- d-----w- c:\windows\system32\Macromed
2009-05-25 16:04 . 2009-05-25 16:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-25 16:04 . 2009-05-25 16:04 -------- d-----w- c:\program files\Java
2009-05-25 16:02 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-25 16:02 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\program files\Real Alternative
2009-05-25 16:02 . 2009-05-25 16:02 -------- d-----w- c:\users\Zarko\AppData\Local\Real
2009-05-25 16:01 . 2009-05-25 16:01 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Local\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\users\Zarko\AppData\Roaming\Thunderbird
2009-05-25 16:01 . 2009-05-25 16:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-25 15:57 . 2009-05-27 14:08 -------- d-----w- c:\users\Zarko\AppData\Roaming\Winamp
2009-05-25 15:57 . 2009-05-25 15:58 -------- d-----w- c:\program files\Winamp
2009-05-25 15:55 . 2009-05-25 15:55 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 15:42 . 2007-07-23 01:41 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-25 15:42 . 2007-07-23 01:41 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-25 15:42 . 2007-07-23 01:41 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvuninst.exe
2009-05-25 15:41 . 2007-07-23 01:41 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-25 15:40 . 2009-05-25 16:21 -------- d-----w- c:\windows\UI
2009-05-25 15:39 . 2007-06-26 06:56 2173480 ----a-w- c:\windows\TBPanel.exe
2009-05-25 15:39 . 2007-03-16 02:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2009-05-25 15:39 . 2007-01-31 02:56 32768 ----a-w- c:\windows\TBPanelExt.dll
2009-05-25 15:39 . 2004-07-17 15:48 36864 ----a-w- c:\windows\GWLib.dll
2009-05-25 15:39 . 1998-11-17 23:27 26624 ----a-w- c:\windows\TBZoom.exe
2009-05-25 15:39 . 1998-10-31 02:55 5120 ----a-w- c:\windows\TBManage.dll
2009-05-25 15:39 . 1997-07-15 02:00 33280 ----a-w- c:\windows\DXTool.exe
2009-05-25 15:33 . 2009-05-25 15:33 315392 ----a-w- c:\windows\HideWin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 12:19 . 2009-06-01 12:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-29 11:15 . 2009-05-25 09:11 74696 ----a-w- c:\users\Zarko\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-28 23:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 23:55 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-27 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 17:20 . 2009-05-26 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-25 23:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-25 23:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-25 16:03 . 2009-05-25 16:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:36 . 2009-05-25 09:11 680 ----a-w- c:\users\Zarko\AppData\Local\d3d9caps.dat
2009-05-25 15:34 . 2009-05-25 15:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-10 21:33 . 2009-05-27 23:42 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-10 21:33 . 2009-05-27 23:42 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-10 21:33 . 2009-05-27 23:43 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-10 21:33 . 2009-05-27 23:42 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-10 21:33 . 2009-05-27 23:42 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-10 21:28 . 2009-05-27 23:42 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-10 21:27 . 2009-05-27 23:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-10 21:22 . 2009-05-27 23:43 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-10 21:21 . 2009-05-27 23:43 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-10 20:42 . 2009-05-27 23:43 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-10 20:03 . 2009-05-27 23:43 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 20:03 . 2009-05-27 23:43 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 19:57 . 2009-05-27 23:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-10 19:55 . 2009-05-27 23:42 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-10 19:52 . 2009-05-27 23:43 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-10 19:51 . 2009-05-27 23:43 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-10 19:47 . 2009-05-27 23:43 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-10 19:46 . 2009-05-27 23:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-10 19:46 . 2009-05-27 23:43 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-10 19:46 . 2009-05-27 23:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-10 19:46 . 2009-05-27 23:42 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-10 19:46 . 2009-05-27 23:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-10 19:46 . 2009-05-27 23:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-10 19:45 . 2009-05-27 23:42 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-10 19:45 . 2009-05-27 23:43 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-10 19:45 . 2009-05-27 23:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-10 19:45 . 2009-05-27 23:43 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-10 19:45 . 2009-05-27 23:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-10 19:45 . 2009-05-27 23:42 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-10 19:43 . 2009-05-27 23:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-10 19:43 . 2009-05-27 23:42 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-10 19:43 . 2009-05-27 23:43 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-10 19:43 . 2009-05-27 23:43 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-10 19:43 . 2009-05-27 23:43 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-10 19:43 . 2009-05-27 23:43 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-10 19:42 . 2009-05-27 23:42 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-10 19:42 . 2009-05-27 23:42 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-10 19:42 . 2009-05-27 23:42 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-10 19:42 . 2009-05-27 23:42 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-10 19:42 . 2009-05-27 23:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-10 19:42 . 2009-05-27 23:42 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-10 19:42 . 2009-05-27 23:43 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-10 19:39 . 2009-05-27 23:42 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-10 19:39 . 2009-05-27 23:43 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-10 19:39 . 2009-05-27 23:43 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-10 19:38 . 2009-05-27 23:42 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-10 19:27 . 2009-05-27 23:43 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-10 19:24 . 2009-05-27 23:42 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 19:23 . 2009-05-27 23:43 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-10 19:23 . 2009-05-27 23:43 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-10 19:23 . 2009-05-27 23:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-10 19:22 . 2009-05-27 23:42 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-10 19:15 . 2009-05-27 23:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 19:15 . 2009-05-27 23:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-10 19:15 . 2009-05-27 23:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-10 19:14 . 2009-05-27 23:43 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-10 19:14 . 2009-05-27 23:43 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-10 19:14 . 2009-05-27 23:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-10 19:14 . 2009-05-27 23:43 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-10 19:14 . 2009-05-27 23:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-10 19:14 . 2009-05-27 23:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-10 19:14 . 2009-05-27 23:43 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-10 19:14 . 2009-05-27 23:43 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-10 19:14 . 2009-05-27 23:42 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-10 19:13 . 2009-05-27 23:43 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-10 19:13 . 2009-05-27 23:43 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-10 19:12 . 2009-05-27 23:43 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-10 17:52 . 2009-05-27 23:42 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-10 16:59 . 2009-05-27 23:42 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 16:59 . 2009-05-27 23:42 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:42 . 2009-05-27 23:43 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-03-29 19:42 . 2009-05-27 23:43 80720 ----a-w- c:\windows\system32\mscories.dll
2009-03-29 19:42 . 2009-05-27 23:43 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-03-29 19:42 . 2009-05-27 23:43 155456 ----a-w- c:\windows\system32\mscorier.dll
2009-03-26 13:23 . 2009-03-26 13:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 13:23 . 2009-03-26 13:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-08 11:34 . 2009-05-26 08:08 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-26 08:08 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-26 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-26 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_19.00.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:03 . 2009-06-02 06:27 43432 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-25 09:12 . 2009-06-01 17:20 4924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3421091432-1391080257-1961547046-1000_UserData.bin
+ 2009-05-25 09:12 . 2009-06-02 06:27 4924 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3421091432-1391080257-1961547046-1000_UserData.bin
- 2009-06-01 17:09 . 2009-06-01 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-01 17:09 . 2009-06-02 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-01 17:09 . 2009-06-01 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-01 17:09 . 2009-06-02 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-02 08:59 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 18:31 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 18:31 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-02 08:59 101052 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-10 21:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,a9,b1,3f,27,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3421091432-1391080257-1961547046-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57C92971-2986-4DBF-B2D6-DB0F1285B1CA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1D713C3-0C8A-472F-A0B6-DB90D63EDA7E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4306053B-B32D-444B-97D1-19A09170A7EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16D0D73E-A47D-408A-ABDB-23B9319F31FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 11:22 108289]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2.11.2006 12:25 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2.11.2006 12:25 251904]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [26.2.2007 14:03 2217416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {62DEC95B-3E84-46DF-943D-B571E15D2E11} = 62.240.12.1 62.240.12.2
FF - ProfilePath - c:\users\Zarko\AppData\Roaming\Mozilla\Firefox\Profiles\s4p2095y.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 11:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-02 11:35
ComboFix-quarantined-files.txt 2009-06-02 09:34
ComboFix2.txt 2009-06-01 19:01

Pre-Run: 3.551.592.448 bytes free
Post-Run: 3.527.180.288 bytes free

354 --- E O F --- 2009-05-28 23:37

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Tell me some good news

  • Joined: 11 Sep 2007
  • Posts: 3271

Well, what should I say, thx, bro, it worked

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, that would be it.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

Type (or copy) the following into the text field:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Cheers

  • Joined: 11 Sep 2007
  • Posts: 3271

All done, clean
Thank you deeply
