problem

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Avast keeps detecting some trojans. And when it tries to delete them, sometimes a blue screen appears!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Actual Transparent Window\ActualTransparentWindowCenter.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\FLAMEO~1\LOCALS~1\Temp\tsz14.tmp
C:\WINDOWS\system32\svchost.exe
D:\vazno\Instalacije\INSTALACIJE\install\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\iifgHwVN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O2 - BHO: 3D Wonder IE Hooks - {F9ECC505-7863-46F3-B2BB-4423D168449D} - C:\WINDOWS\system32\_3DWonder_IEHooks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Actual Transparent Window] "C:\Program Files\Actual Transparent Window\ActualTransparentWindowCenter.exe"
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifgHwVN - C:\WINDOWS\SYSTEM32\iifgHwVN.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O20 - Winlogon Notify: yxxvgxzn - C:\WINDOWS\SYSTEM32\yxxvgxzn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CbEvtSvc (cbevtsvc) - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7540 bytes
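The entries in the log above that matter are the ones a reviewer would circle by hand: two Winlogon Notify DLLs with random names in SYSTEM32 (O20), a service whose image path is an NTFS alternate data stream (`svchost.exe:ext.exe`, O23), an unnamed BHO backed by a file on disk (O2), one executable autostarted from both the HKLM and HKCU Run keys (O4), and a hijacked start page (R0). The script below is an added example, not part of the original post and not HijackThis code: it parses lines in HijackThis format and applies exactly those checks. The sample log is a constructed subset of the posted entries, and the `TRUSTED_PAGE_HOSTS` and `KNOWN_NOTIFY_DLLS` allowlists are assumptions for illustration, not authoritative lists.

```python
"""Triage of a HijackThis-style log (added example, not from the original thread)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the posted log, in HijackThis line format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\iifgHwVN.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O20 - Winlogon Notify: iifgHwVN - C:\WINDOWS\SYSTEM32\iifgHwVN.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CbEvtSvc (cbevtsvc) - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
"""

KIND_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.IGNORECASE)
ADS_RE = re.compile(r"\.\w+:[^\\/\s]+$")  # "file.ext:stream" at the end of a path

# Assumed allowlists (illustration only, not authoritative).
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
KNOWN_NOTIFY_DLLS = {"mcpstub", "fastload"}  # Stardock / AlienGUIse, seen later in the ComboFix log
ORDER = ["critical", "high", "medium", "low"]


def _base(path):
    """Lower-cased file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def triage(log_text):
    """Return findings ({'severity', 'kind', 'reason', 'line'}) for one log."""
    findings = []
    run_hives = defaultdict(set)  # autostart exe -> hives that start it

    def flag(severity, kind, reason, line):
        findings.append({"severity": severity, "kind": kind, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = KIND_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")

        if kind in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            host = urlsplit(value.strip()).hostname
            if key.endswith("Page") and host and host.lower() not in TRUSTED_PAGE_HOSTS:
                flag("high", kind, "browser page setting points at untrusted host " + host, line)

        elif kind == "O2" and body.startswith("BHO: "):
            parts = body[5:].split(" - ")          # name may itself contain " - "
            name, path = " - ".join(parts[:-2]), parts[-1]
            if name == "(no name)":
                if path == "(no file)":
                    flag("low", kind, "orphaned BHO registration, no file on disk", line)
                else:
                    flag("high", kind, "unnamed BHO backed by a DLL on disk: " + path, line)

        elif kind == "O4":
            r = RUN_RE.match(body)
            e = EXE_RE.match(r.group("cmd")) if r else None
            if e:
                run_hives[e.group("exe").lower()].add(r.group("hive").upper())

        elif kind == "O20" and body.startswith("Winlogon Notify: "):
            path = body[17:].split(" - ")[-1]
            if _base(path) not in KNOWN_NOTIFY_DLLS:
                flag("high", kind, "unrecognised Winlogon Notify DLL, loaded by winlogon.exe as SYSTEM at logon", line)

        elif kind == "O23" and body.startswith("Service: "):
            parts = body[9:].split(" - ")
            owner, path = parts[-2], parts[-1]
            if ADS_RE.search(path):
                flag("critical", kind, "service image path is an NTFS alternate data stream: " + path, line)
            elif owner == "Unknown owner":
                flag("medium", kind, "service with no publisher: " + path, line)

    for exe, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            flag("medium", "O4", "same executable autostarted from both HKLM and HKCU Run", exe)
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ORDER.index(f["severity"])):
        print(f"[{f['severity']:8}] {f['kind']:4} {f['reason']}")
```

The ADS check is the one worth keeping in any triage tool: a service path of the form `file.exe:stream` means the payload lives in a stream that Explorer and `dir` do not show, which is consistent with the ComboFix line later in the thread reporting an ADS removed from svchost.exe.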

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Follow the instructions below carefully.

Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: do not forget to turn these options back on once the cleanup is finished.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here's a new problem: I couldn't even download ComboFix from XP, so I had to do it from Vista. Later I click on ComboFix from XP and it won't start at all (I waited 15 min). In the meantime, icons started appearing and disappearing, and pop-ups started telling me I have malware on the computer.

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try the copy from the following link:

http://amf.mycity.rs/programs/mirrored/C-F.exe

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here's the log. Note that it asked me to restart the computer because it found a rootkit, and after that I could no longer log in to my account in XP, so I finished it in safe mode! When it restarted again I managed to log in and the log came up:
ComboFix 08-11-27.07 - FlAmE of HeLl 2008-11-28 18:44:55.7 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1732 [GMT 1:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\FlAmE of HeLl\Application Data\gadcom
c:\documents and settings\FlAmE of HeLl\Application Data\gadcom\gadcom.exe
c:\documents and settings\LocalService\Application Data\1041834537.exe
c:\documents and settings\LocalService\Application Data\1124283859.exe
c:\documents and settings\LocalService\Application Data\1181172579.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\sysin.scr
c:\windows\system32\(zabranjeno).txt
c:\windows\system32\bJkkmnmp.ini
c:\windows\system32\bJkkmnmp.ini2
c:\windows\system32\CbEvtSvc.exe
c:\windows\system32\drivers\53c55139.sys
c:\windows\system32\drivers\ati7ffxx.sys
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\Drivers\TDSSmqct.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\finance.txt
c:\windows\system32\geBssqNF.dll
c:\windows\system32\lt.res
c:\windows\system32\other.txt
c:\windows\system32\pharma.txt
c:\windows\system32\pmnmkkJb.dll
c:\windows\system32\rqRLdExU.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\sft.res
c:\windows\system32\sn.txt
c:\windows\system32\sxmg4.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\yxxvgxzn.dll
c:\windows\system32\yxxvgxzn32.dll
c:\windows\Tasks\sfzywxpf.job
c:\windows\Tasks\sypixgig.job
I:\Autorun.inf
I:\tel.xls.exe

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ati7ffxx
-------\Legacy_cbevtsvc
-------\Legacy_icf
-------\Legacy_RESTORE
-------\Service_ati7ffxx
-------\Service_cbevtsvc
-------\Service_icf
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-29 01:30 . 2008-11-29 01:27 3,055,459 --a------ C:\ComboFix.exe
2008-11-28 11:57 . 2008-11-28 11:57 16,451 --a------ c:\windows\gmail.com-error.html
2008-11-28 11:57 . 2008-11-28 11:57 6,182 --a------ c:\windows\live.com-error.html
2008-11-28 11:57 . 2008-11-28 11:57 5,596 --a------ c:\windows\aol.com-error.html
2008-11-28 11:57 . 2008-11-28 11:57 3,696 --a------ c:\windows\google.com-error.html
2008-11-28 11:57 . 2008-11-28 11:57 2,258 --a------ c:\windows\search.yahoo.com-error.html
2008-11-28 11:49 . 2008-11-28 11:49 8,192 --a------ C:\blygxu.exe
2008-11-28 11:45 . 2008-11-28 11:51 104,448 --a------ C:\qthqdso.exe
2008-11-28 11:45 . 2008-11-28 11:45 39,424 --a------ c:\windows\system32\winjrs32.dll
2008-11-28 11:44 . 2008-11-28 11:44 40,448 --a------ c:\windows\system32\iifgHwVN.dll
2008-11-28 11:44 . 2008-11-28 11:51 705 --a------ C:\kxhvehm.exe
2008-11-28 11:44 . 2008-11-28 11:50 2 --a------ C:\-388535608
2008-11-28 11:40 . 2008-10-28 23:08 723,504 --a------ c:\windows\system32\vnetlib.dll
2008-11-28 11:40 . 2008-10-28 23:07 399,920 --a------ c:\windows\system32\vmnat.exe
2008-11-28 11:40 . 2008-10-28 23:08 326,192 --a------ c:\windows\system32\vmnetdhcp.exe
2008-11-28 11:40 . 2008-10-28 17:03 55,856 -ra------ c:\windows\system32\vnetinst.dll
2008-11-28 11:40 . 2008-10-28 17:03 50,736 -ra------ c:\windows\system32\vmnetbridge.dll
2008-11-28 11:40 . 2008-10-28 17:03 31,280 -ra------ c:\windows\system32\drivers\vmnetbridge.sys
2008-11-28 11:40 . 2008-10-28 23:08 26,288 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2008-11-28 11:40 . 2008-10-28 17:03 18,736 -ra------ c:\windows\system32\drivers\vmnet.sys
2008-11-28 11:40 . 2008-10-28 17:03 16,560 -ra------ c:\windows\system32\drivers\vmnetadapter.sys
2008-11-28 11:39 . 2008-10-28 23:08 23,216 --a------ c:\windows\system32\drivers\VMkbd.sys
2008-11-28 11:39 . 2008-11-28 11:39 1,024 --a------ C:\.rnd
2008-11-28 11:38 . 2008-11-28 11:38 <DIR> d-------- c:\program files\VMware
2008-11-28 10:42 . 2008-11-28 10:42 <DIR> d-------- c:\program files\Color_Cop
2008-11-28 10:42 . 2008-11-28 10:42 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\ColorCop
2008-11-28 10:41 . 2008-11-28 10:41 <DIR> d-------- c:\program files\Actual Transparent Window
2008-11-28 10:41 . 2008-11-28 10:41 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Actual Tools
2008-11-28 10:40 . 2008-11-28 10:40 <DIR> d-------- c:\program files\Anders Kjersem
2008-11-27 22:21 . 2008-11-28 09:00 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\CoreFTP
2008-11-27 22:20 . 2008-11-27 22:20 <DIR> d-------- c:\program files\CoreFTP
2008-11-26 21:56 . 2008-11-26 21:56 447,958 --a------ C:\AnalysisLog.sr0
2008-11-26 11:23 . 2008-11-26 11:23 8,192 --ahs---- c:\windows\Thumbs.db
2008-11-26 10:12 . 2008-08-14 11:09 2,145,280 --a------ c:\windows\system32\ntoskrnl.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-08-14 10:33 2,023,936 --a------ c:\windows\system32\ntkrnlpa.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-04-14 05:42 514,560 --a------ c:\windows\system32\logonui.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-04-14 05:42 220,672 --a------ c:\windows\system32\logon.scr.FlyakiteOSX
2008-11-25 20:03 . 2008-11-26 10:24 <DIR> d-------- c:\program files\Safari
2008-11-25 20:03 . 2008-11-25 20:03 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Apple Computer
2008-11-25 11:21 . 2008-11-26 20:46 <DIR> d-------- C:\tmp
2008-11-24 20:56 . 2008-11-24 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-24 12:34 . 2008-11-24 12:34 <DIR> d-------- c:\program files\RivaTuner v2.20
2008-11-24 09:39 . 2008-11-28 11:55 <DIR> d-------- c:\program files\Minefield
2008-11-24 08:38 . 2008-11-24 08:38 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Media Player Classic
2008-11-24 08:37 . 2008-11-24 08:37 <DIR> d-------- c:\program files\Real Alternative
2008-11-24 08:09 . 2008-11-24 08:09 <DIR> d-------- c:\program files\MediaInfo
2008-11-23 21:34 . 2008-11-23 21:34 <DIR> d-------- c:\program files\Sun
2008-11-23 14:43 . 2008-11-26 20:45 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-23 14:43 . 2008-11-23 14:43 1,409 --a------ c:\windows\QTFont.for
2008-11-20 20:06 . 2008-11-20 20:06 <DIR> d-------- C:\DVDVideoSoft
2008-11-18 20:51 . 2008-11-18 20:51 <DIR> d-------- c:\program files\PowerISO
2008-11-18 20:23 . 2008-11-18 20:23 <DIR> d-------- c:\program files\VirtualDJ
2008-11-18 20:04 . 2008-11-18 20:04 <DIR> d-------- c:\program files\Cadsoft
2008-11-18 20:04 . 2008-11-18 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cadsoft
2008-11-17 21:09 . 2008-11-17 21:54 280 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-11-17 21:04 . 2008-11-17 21:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-17 20:44 . 2008-11-17 20:44 <DIR> d-------- c:\program files\DVDVideoSoft
2008-11-17 20:44 . 2008-11-17 20:44 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-11-17 14:33 . 2008-11-17 14:33 <DIR> d-------- c:\program files\Monte Cristo
2008-11-16 19:22 . 2008-11-16 19:23 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Sports Interactive
2008-11-16 19:22 . 2008-11-16 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-15 15:13 . 2008-11-15 15:13 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Skinux
2008-11-15 15:11 . 2008-11-15 15:11 <DIR> d-------- c:\program files\The Skins Factory
2008-11-15 12:16 . 2008-11-15 12:16 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-15 08:25 . 2008-11-15 08:31 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Digsby
2008-11-15 08:22 . 2008-11-15 08:25 <DIR> d-------- c:\program files\Digsby
2008-11-14 13:33 . 2008-11-14 13:33 <DIR> d-------- c:\program files\TGTSoft
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\program files\TeamViewer3
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\temp
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\TeamViewer
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Malwarebytes
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 08:14 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 08:14 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-12 21:39 . 2008-11-12 21:39 <DIR> d-------- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2008-11-12 20:39 . 2008-11-12 20:39 <DIR> d-------- c:\program files\YouTube Downloader
2008-11-12 11:13 . 2008-11-12 11:13 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-11 22:22 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-11 22:22 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-11 22:22 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-11 22:22 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-11 22:22 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-11 22:22 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-11 22:22 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-11 22:21 . 2008-11-11 22:21 <DIR> d-------- C:\dx
2008-11-11 22:03 . 2008-11-11 22:03 <DIR> d-------- c:\program files\Audacity
2008-11-11 22:00 . 2008-11-11 22:00 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-11 21:59 . 2008-11-11 21:59 <DIR> d-------- c:\program files\IObit
2008-11-10 13:14 . 2008-11-10 13:14 2,915,944 --a------ c:\windows\system32\drivers\appdrv01.sys
2008-11-10 13:14 . 2008-11-10 13:14 304,528 --a------ c:\windows\system32\appdrvrem01.exe
2008-11-10 12:47 . 2008-11-10 13:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-10 12:44 . 2008-11-10 12:44 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-10 12:41 . 2008-11-10 12:41 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-09 11:21 . 2008-11-09 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-09 11:09 . 2008-11-09 11:12 <DIR> d-------- C:\HLserver
2008-11-08 21:54 . 2008-11-09 09:36 <DIR> d-------- c:\program files\Valvee
2008-11-08 21:53 . 2008-11-08 21:53 <DIR> d-------- c:\program files\Valvebre
2008-11-08 21:48 . 2008-11-08 21:48 <DIR> d-------- c:\program files\MSN Messenger
2008-11-06 14:27 . 2008-11-06 14:27 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\OpenOffice.org
2008-11-06 13:25 . 2008-11-06 13:25 <DIR> d-------- c:\program files\Readon Technology
2008-11-06 13:21 . 2008-11-06 13:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\dtv
2008-11-06 13:17 . 2008-11-06 13:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\SoftMaker
2008-11-06 13:16 . 2008-11-06 13:22 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Ashampoo
2008-11-06 13:16 . 2008-11-06 13:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-11-06 13:15 . 2008-11-06 13:22 <DIR> d-------- c:\program files\Ashampoo
2008-11-05 22:36 . 2008-11-05 22:36 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Thinstall
2008-11-05 22:27 . 2008-11-05 22:27 <DIR> d-------- c:\program files\Gordian Knot v0.35.0 Portable
2008-11-05 15:26 . 2008-11-05 15:26 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-11-05 15:26 . 2008-11-05 18:09 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\BSplayer
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-05 14:42 . 2008-11-05 14:42 <DIR> d-------- c:\program files\Pidgin
2008-11-05 14:42 . 2008-11-05 14:42 <DIR> d-------- c:\program files\Common Files\GTK
2008-11-05 14:42 . 2008-11-10 11:12 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\.purple
2008-11-05 14:40 . 2008-11-05 14:40 <DIR> d-------- c:\program files\AskBarDis
2008-11-05 14:40 . 2008-11-23 19:06 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Azureus
2008-11-05 14:40 . 2008-11-05 14:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-11-05 14:39 . 2008-11-05 14:40 <DIR> d-------- c:\program files\Vuze
2008-11-05 14:39 . 2008-11-05 14:39 <DIR> d-------- c:\program files\Shareaza
2008-11-05 14:09 . 2008-11-05 14:10 5,423 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-05 13:44 . 2008-11-05 13:44 <DIR> d-------- c:\program files\FastStone MaxView
2008-11-05 13:44 . 2008-11-05 13:44 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\FastStone
2008-11-05 13:22 . 2008-11-06 13:23 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\LimeWire
2008-11-04 21:35 . 2008-11-05 14:15 1,092,784 --a------ c:\windows\system32\Desaturated Win7.exe
2008-11-03 20:18 . 2008-11-03 20:21 <DIR> d-------- c:\program files\Wise Registry Cleaner 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:47 --------- d-----w c:\program files\Garena
2008-11-28 08:08 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\BitTorrent
2008-11-26 09:26 --------- d-----w c:\program files\Bonjour
2008-11-26 09:24 --------- d-----w c:\program files\WinRarce
2008-11-24 19:51 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-24 19:51 22,328 ----a-w c:\documents and settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-11-24 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 07:36 --------- d-----w c:\program files\Common Files\Real
2008-11-23 19:45 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\BearShare
2008-11-23 11:56 --------- d-----w c:\program files\Valve
2008-11-22 20:13 --------- d-----w c:\program files\Flock
2008-11-21 14:12 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Hamachi
2008-11-21 12:10 --------- d-----w c:\program files\nLite
2008-11-18 19:45 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Activision
2008-11-18 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\Activision
2008-11-17 21:07 --------- d-----w c:\program files\Google
2008-11-17 21:06 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Skype
2008-11-17 20:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-15 17:37 --------- d-----w c:\program files\Songbird
2008-11-15 10:42 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 10:40 --------- d-----w c:\program files\Opera
2008-11-12 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 10:12 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-11-11 18:18 --------- d-----w c:\program files\Stardock
2008-11-11 18:18 --------- d-----w c:\program files\Common Files\Stardock
2008-11-08 20:44 --------- d-----w c:\program files\Windows Live
2008-11-06 13:04 --------- d-----w c:\program files\SpeedFan
2008-11-06 12:23 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\FrostWire
2008-11-05 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-05 14:23 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-05 13:46 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-11-05 13:44 --------- d-----w c:\program files\Recuva
2008-11-05 13:10 71,268 ----a-w c:\windows\BricoPackUninst.cmd
2008-11-05 12:22 --------- d-----w c:\program files\LimeWire
2008-11-03 13:52 --------- d-----w c:\program files\AlienGUIse
2008-11-03 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-02 14:12 --------- d-----w c:\program files\World of Warcraft
2008-10-28 07:49 --------- d-----w c:\program files\AIMP2
2008-10-28 07:46 --------- d-----w c:\program files\Miranda IM
2008-10-26 18:57 --------- d-----w c:\program files\MacSearch_v.1.4.3
2008-10-26 18:41 --------- d-----w c:\program files\CursorXP
2008-10-26 16:57 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\FindeXer
2008-10-26 16:05 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-26 12:55 --------- d-----w c:\program files\Blender Foundation
2008-10-26 12:55 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Blender Foundation
2008-10-25 19:37 --------- d-----w c:\program files\Invisible IP Map
2008-10-23 21:39 96,016 ----a-w c:\windows\system32\drivers\VBoxDrv.sys
2008-10-23 21:39 41,744 ----a-w c:\windows\system32\drivers\VBoxUSBMon.sys
2008-10-20 17:19 --------- d-----w c:\program files\Launchy
2008-10-20 17:17 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Launchy
2008-10-19 17:18 --------- d-----w c:\program files\MSXML 4.0
2008-10-19 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-18 17:59 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\MxBoost
2008-10-18 12:50 --------- d--h--w c:\program files\InstallJammer Registry
2008-10-18 08:10 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-10-17 10:00 --------- d-----w c:\program files\AGEIA Technologies
2008-10-17 06:32 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-10-16 18:37 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-10-16 18:32 --------- d-----w c:\program files\ESET
2008-10-16 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-16 06:33 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Miranda
2008-10-13 20:06 --------- d-----w c:\program files\LocalCooling
2008-10-13 06:53 --------- d-----w c:\program files\PhotoFiltre
2008-10-12 15:32 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\AIMP
2008-10-11 07:30 --------- d-----w c:\program files\SecondLife
2008-10-11 07:23 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\SecondLife
2008-10-10 16:10 --------- d-----w c:\program files\Game_Maker7
2008-10-09 16:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-09 16:46 47,360 ----a-w c:\documents and settings\FlAmE of HeLl\Application Data\pcouffin.sys
2008-10-09 16:46 --------- d-----w c:\program files\DVDFab 5
2008-10-09 16:46 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Vso
2008-10-09 16:44 --------- d-----w c:\program files\7-Zip
2008-10-07 11:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-05 19:30 --------- d-----w c:\program files\Windows Journal Viewer
2008-10-05 06:31 --------- d-----w c:\program files\KGB Archiver 2
2008-10-04 15:44 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-04 08:23 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2008-10-03 09:54 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Nero
2008-10-03 09:51 --------- d-----w c:\program files\Common Files\Nero
2008-10-03 09:42 --------- d-----w c:\program files\Windows Sidebar
2008-10-03 09:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-02 20:28 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Disney Interactive Studios
2008-10-02 20:08 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Leadertech
2008-10-02 17:26 64,960 ----a-w c:\windows\system32\drivers\stcp2v30.sys
2008-10-01 18:46 --------- d-----w c:\program files\Free MSN Emoticons Pack 2
2008-10-01 17:26 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\InstallShield Installation Information
2008-10-01 11:12 --------- d-----w c:\program files\Real Desktop
2008-10-01 11:09 --------- d-----w c:\program files\Gamers Tower
2008-10-01 11:09 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Gamers Tower
2008-09-28 11:50 --------- d-----w c:\program files\Paint.NET
2008-09-14 17:58 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-08-13 07:48 20,500 ----a-w c:\documents and settings\FlAmE of HeLl\FMCodec.dat
2006-10-03 00:43 2,402,550 ----a-w c:\windows\inf\SETD2.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 16:44 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-11-28 11:44 40448 --a------ c:\windows\system32\iifgHwVN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\windows live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Actual Transparent Window"="c:\program files\Actual Transparent Window\ActualTransparentWindowCenter.exe" [2008-10-14 937984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\iifgHwVN.dll" [2008-11-28 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHwVN]
2008-11-28 11:44 40448 c:\windows\system32\iifgHwVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
2008-11-28 11:45 39424 c:\windows\system32\winjrs32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ylxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=c:\windows\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^MacSearch.lnk]
backup=c:\windows\pss\MacSearch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Pure Registration.lnk]
backup=c:\windows\pss\Pure Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^RK Launcher.lnk]
backup=c:\windows\pss\RK Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\RocketDock.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^tclock2.lnk]
backup=c:\windows\pss\tclock2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^TrueTransparency.lnk]
backup=c:\windows\pss\TrueTransparency.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\UberIcon.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alt+Q Hotkey Tool
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdgiosStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RK Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSpy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRoll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yz Shadow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2005-01-19 16:34 128000 c:\program files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-28 17:56 30192 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 13:38 133104 c:\documents and settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleIPMap]
--a------ 2007-09-18 21:21 2475520 c:\program files\Invisible IP Map\InvisibleIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 17:09 2056875 c:\program files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 02:34 5724184 c:\windows live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 19:16 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
--a------ 2008-10-29 07:22 8475880 c:\program files\RegClean\RegClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 12:58 495616 c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 13:11 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 15:51 36864 c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 18:28 155648 c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-29 23:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 18:16 2145280 c:\program files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 14:55 2850816 c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 15:13 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 12:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 14:39 16862208 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"odserv"=3 (0x3)
"GoogleDesktopManager-090808-172447"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"AVP"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"NVSvc"=2 (0x2)
"ASKService"=2 (0x2)
"appdrvrem01"=2 (0x2)
"StyleXPService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"HdThemeEnabler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"d:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"d:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"d:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"d:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"d:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-11-10 2915944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 110160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-10-07 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-10-07 41744]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-16 20560]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S0 ati7ylxx;ati7ylxx;c:\windows\system32\Drivers\ati7ylxx.sys []
S1 53c55139;53c55139;c:\windows\system32\drivers\53c55139.sys []
S2 bevtservice;bevtservice;c:\windows\System32\bEvtService.exe -k netsvcs []
S2 bevtsvce;bEvtSvcE;c:\windows\System32\bEvtSvcE.exe -k netsvcs []
S2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe /s c:\windows\Fix.reg [2004-08-03 146432]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp []
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2008-10-07 31824]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-08-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);c:\windows\system32\drivers\wfeaglxt.sys [2008-08-06 405632]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-05 460168]
S4 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-31 133104]
S4 HdThemeEnabler;Hyperdesk Theme Enabler;"c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe" -service [2008-07-21 106496]
S4 MONyog;MONyog;c:\program files\MONyog\bin\MONyog.exe -s []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a744f16c-b2d5-4138-81a2-085cdfcde83a}]
rundll32 sxmg4.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]

2008-11-04 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe [2008-10-29 07:22]

2008-11-04 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean [2008-11-03 20:15]

2008-11-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2008-10-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{62069377-22BF-4D68-ADCB-714D42961CB7} - c:\windows\system32\pmnmkkJb.dll
WebBrowser-{C9642A6B-9467-4EB5-9168-F141744AA27F} - (no file)
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
MSConfigStartUp-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-VMware hqtray - c:\program files\VMware\VMware Player\hqtray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\FlAmE of HeLl\Application Data\Mozilla\Firefox\Profiles\bpgka871.default\
FF -: plugin - c:\documents and settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Google\Lively\nplively.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:50:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\winjrs32.dll
c:\windows\system32\iifgHwVN.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-11-28 18:54:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 17:54:16

Pre-Run: 4,843,610,112 bytes free
Post-Run: 2,670,166,016 bytes free

656 --- E O F --- 2008-10-25 19:59:58

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\gmail.com-error.html
c:\windows\live.com-error.html
c:\windows\aol.com-error.html
c:\windows\google.com-error.html
c:\windows\search.yahoo.com-error.html
C:\blygxu.exe
C:\qthqdso.exe
c:\windows\system32\winjrs32.dll
c:\windows\system32\iifgHwVN.dll
C:\kxhvehm.exe
C:\-388535608

DirLook::
95FC26FB19FD4A96BBB1B1062E8648F5.TMP

Driver::
ati7ylxx
53c55139
bevtservice
bevtsvce

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHwVN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ylxx.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSpy]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a744f16c-b2d5-4138-81a2-085cdfcde83a}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is produced at the end of the cleaning/scan.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here you go:
ComboFix 08-11-27.07 - FlAmE of HeLl 2008-11-28 21:08:37.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1477 [GMT 1:00]
Running from: c:\documents and settings\FlAmE of HeLl\Desktop\C-F.exe
Command switches used :: c:\documents and settings\FlAmE of HeLl\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-388535608
C:\blygxu.exe
C:\kxhvehm.exe
C:\qthqdso.exe
c:\windows\aol.com-error.html
c:\windows\gmail.com-error.html
c:\windows\google.com-error.html
c:\windows\live.com-error.html
c:\windows\search.yahoo.com-error.html
c:\windows\system32\iifgHwVN.dll
c:\windows\system32\winjrs32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-388535608
C:\blygxu.exe
C:\kxhvehm.exe
C:\tel.xls.exe
c:\windows\aol.com-error.html
c:\windows\gmail.com-error.html
c:\windows\google.com-error.html
c:\windows\live.com-error.html
c:\windows\search.yahoo.com-error.html
c:\windows\system32\algsrv.exe
c:\windows\system32\cbXOGYSJ.dll
c:\windows\system32\filekan.exe
c:\windows\system32\iifgHwVN.dll
c:\windows\system32\JSYGOXbc.ini
c:\windows\system32\JSYGOXbc.ini2
c:\windows\system32\socksa.exe
c:\windows\system32\winjrs32.dll
G:\tel.xls.exe
I:\Autorun.inf
I:\tel.xls.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_bevtservice
-------\Legacy_bevtsvce
-------\Service_53c55139
-------\Service_ati7ylxx
-------\Service_bevtservice
-------\Service_bevtsvce


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-29 01:30 . 2008-11-29 01:27 3,055,459 --a------ C:\ComboFix.exe
2008-11-28 20:42 . 2008-11-28 20:42 26 --a------ c:\windows\ExplorerXP.INI
2008-11-28 20:27 . 2008-11-28 20:27 <DIR> d-------- c:\program files\mozilla.org
2008-11-28 20:27 . 2008-11-28 20:27 118,784 --a------ c:\windows\SeaMonkeyUninstall.exe
2008-11-28 20:27 . 2008-11-28 20:27 118,784 --a------ c:\windows\GREUninstall.exe
2008-11-28 20:27 . 2008-11-28 20:27 8,653 --a------ c:\windows\mozver.dat
2008-11-28 20:22 . 2008-11-28 20:27 <DIR> d-------- c:\program files\ExplorerXP
2008-11-28 20:12 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-28 20:12 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-28 20:12 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-28 20:12 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-28 20:12 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-28 20:12 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-28 20:12 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-28 20:12 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-28 20:12 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-28 20:12 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-28 20:12 . 2008-11-28 20:12 1,402 --a------ c:\windows\system32\tmp.reg
2008-11-28 20:02 . 2008-11-28 20:03 <DIR> d-------- C:\totalcmd
2008-11-28 19:19 . 2008-11-28 19:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-28 11:40 . 2008-10-28 23:08 723,504 --a------ c:\windows\system32\vnetlib.dll
2008-11-28 11:40 . 2008-10-28 23:07 399,920 --a------ c:\windows\system32\vmnat.exe
2008-11-28 11:40 . 2008-10-28 23:08 326,192 --a------ c:\windows\system32\vmnetdhcp.exe
2008-11-28 11:40 . 2008-10-28 17:03 55,856 -ra------ c:\windows\system32\vnetinst.dll
2008-11-28 11:40 . 2008-10-28 17:03 50,736 -ra------ c:\windows\system32\vmnetbridge.dll
2008-11-28 11:40 . 2008-10-28 17:03 31,280 -ra------ c:\windows\system32\drivers\vmnetbridge.sys
2008-11-28 11:40 . 2008-10-28 23:08 26,288 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2008-11-28 11:40 . 2008-10-28 17:03 18,736 -ra------ c:\windows\system32\drivers\vmnet.sys
2008-11-28 11:40 . 2008-10-28 17:03 16,560 -ra------ c:\windows\system32\drivers\vmnetadapter.sys
2008-11-28 11:39 . 2008-10-28 23:08 23,216 --a------ c:\windows\system32\drivers\VMkbd.sys
2008-11-28 11:39 . 2008-11-28 11:39 1,024 --a------ C:\.rnd
2008-11-28 11:38 . 2008-11-28 11:38 <DIR> d-------- c:\program files\VMware
2008-11-28 10:42 . 2008-11-28 10:42 <DIR> d-------- c:\program files\Color_Cop
2008-11-28 10:42 . 2008-11-28 10:42 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\ColorCop
2008-11-28 10:41 . 2008-11-28 10:41 <DIR> d-------- c:\program files\Actual Transparent Window
2008-11-28 10:41 . 2008-11-28 10:41 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Actual Tools
2008-11-28 10:40 . 2008-11-28 10:40 <DIR> d-------- c:\program files\Anders Kjersem
2008-11-27 22:21 . 2008-11-28 09:00 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\CoreFTP
2008-11-27 22:20 . 2008-11-27 22:20 <DIR> d-------- c:\program files\CoreFTP
2008-11-26 21:56 . 2008-11-26 21:56 447,958 --a------ C:\AnalysisLog.sr0
2008-11-26 11:23 . 2008-11-26 11:23 8,192 --ahs---- c:\windows\Thumbs.db
2008-11-26 10:12 . 2008-08-14 11:09 2,145,280 --a------ c:\windows\system32\ntoskrnl.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-08-14 10:33 2,023,936 --a------ c:\windows\system32\ntkrnlpa.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-04-14 05:42 514,560 --a------ c:\windows\system32\logonui.exe.FlyakiteOSX
2008-11-26 10:12 . 2008-04-14 05:42 220,672 --a------ c:\windows\system32\logon.scr.FlyakiteOSX
2008-11-25 20:03 . 2008-11-26 10:24 <DIR> d-------- c:\program files\Safari
2008-11-25 20:03 . 2008-11-25 20:03 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Apple Computer
2008-11-25 11:21 . 2008-11-26 20:46 <DIR> d-------- C:\tmp
2008-11-24 20:56 . 2008-11-24 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-24 12:34 . 2008-11-24 12:34 <DIR> d-------- c:\program files\RivaTuner v2.20
2008-11-24 09:39 . 2008-11-28 11:55 <DIR> d-------- c:\program files\Minefield
2008-11-24 08:38 . 2008-11-24 08:38 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Media Player Classic
2008-11-24 08:37 . 2008-11-24 08:37 <DIR> d-------- c:\program files\Real Alternative
2008-11-24 08:09 . 2008-11-24 08:09 <DIR> d-------- c:\program files\MediaInfo
2008-11-23 21:34 . 2008-11-23 21:34 <DIR> d-------- c:\program files\Sun
2008-11-23 14:43 . 2008-11-26 20:45 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-23 14:43 . 2008-11-23 14:43 1,409 --a------ c:\windows\QTFont.for
2008-11-20 20:06 . 2008-11-20 20:06 <DIR> d-------- C:\DVDVideoSoft
2008-11-18 20:51 . 2008-11-18 20:51 <DIR> d-------- c:\program files\PowerISO
2008-11-18 20:23 . 2008-11-18 20:23 <DIR> d-------- c:\program files\VirtualDJ
2008-11-18 20:04 . 2008-11-18 20:04 <DIR> d-------- c:\program files\Cadsoft
2008-11-18 20:04 . 2008-11-18 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cadsoft
2008-11-17 21:09 . 2008-11-17 21:54 280 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-11-17 21:04 . 2008-11-17 21:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-17 20:44 . 2008-11-17 20:44 <DIR> d-------- c:\program files\DVDVideoSoft
2008-11-17 20:44 . 2008-11-17 20:44 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-11-17 14:33 . 2008-11-17 14:33 <DIR> d-------- c:\program files\Monte Cristo
2008-11-16 19:22 . 2008-11-16 19:23 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Sports Interactive
2008-11-16 19:22 . 2008-11-16 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-15 15:13 . 2008-11-15 15:13 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Skinux
2008-11-15 15:11 . 2008-11-15 15:11 <DIR> d-------- c:\program files\The Skins Factory
2008-11-15 12:16 . 2008-11-15 12:16 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-15 08:25 . 2008-11-15 08:31 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Digsby
2008-11-15 08:22 . 2008-11-15 08:25 <DIR> d-------- c:\program files\Digsby
2008-11-14 13:33 . 2008-11-14 13:33 <DIR> d-------- c:\program files\TGTSoft
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\program files\TeamViewer3
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\temp
2008-11-14 08:18 . 2008-11-14 08:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\TeamViewer
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Malwarebytes
2008-11-14 08:14 . 2008-11-14 08:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 08:14 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 08:14 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-12 21:39 . 2008-11-12 21:39 <DIR> d-------- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2008-11-12 20:39 . 2008-11-12 20:39 <DIR> d-------- c:\program files\YouTube Downloader
2008-11-12 11:13 . 2008-11-12 11:13 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-11 22:22 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-11 22:22 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-11 22:22 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-11 22:22 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-11 22:22 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-11 22:22 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-11 22:22 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-11 22:21 . 2008-11-11 22:21 <DIR> d-------- C:\dx
2008-11-11 22:03 . 2008-11-11 22:03 <DIR> d-------- c:\program files\Audacity
2008-11-11 22:00 . 2008-11-11 22:00 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-11 21:59 . 2008-11-11 21:59 <DIR> d-------- c:\program files\IObit
2008-11-10 13:14 . 2008-11-10 13:14 2,915,944 --a------ c:\windows\system32\drivers\appdrv01.sys
2008-11-10 13:14 . 2008-11-10 13:14 304,528 --a------ c:\windows\system32\appdrvrem01.exe
2008-11-10 12:47 . 2008-11-10 13:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-10 12:44 . 2008-11-10 12:44 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-10 12:41 . 2008-11-10 12:41 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-09 11:21 . 2008-11-09 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-09 11:09 . 2008-11-09 11:12 <DIR> d-------- C:\HLserver
2008-11-08 21:54 . 2008-11-09 09:36 <DIR> d-------- c:\program files\Valvee
2008-11-08 21:53 . 2008-11-08 21:53 <DIR> d-------- c:\program files\Valvebre
2008-11-08 21:48 . 2008-11-08 21:48 <DIR> d-------- c:\program files\MSN Messenger
2008-11-06 14:27 . 2008-11-06 14:27 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\OpenOffice.org
2008-11-06 13:25 . 2008-11-06 13:25 <DIR> d-------- c:\program files\Readon Technology
2008-11-06 13:21 . 2008-11-06 13:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\dtv
2008-11-06 13:17 . 2008-11-06 13:18 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\SoftMaker
2008-11-06 13:16 . 2008-11-06 13:22 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Ashampoo
2008-11-06 13:16 . 2008-11-06 13:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-11-06 13:15 . 2008-11-06 13:22 <DIR> d-------- c:\program files\Ashampoo
2008-11-05 22:36 . 2008-11-05 22:36 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Thinstall
2008-11-05 22:27 . 2008-11-05 22:27 <DIR> d-------- c:\program files\Gordian Knot v0.35.0 Portable
2008-11-05 15:26 . 2008-11-05 15:26 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-11-05 15:26 . 2008-11-05 18:09 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\BSplayer
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-05 14:42 . 2008-11-05 14:42 <DIR> d-------- c:\program files\Pidgin
2008-11-05 14:42 . 2008-11-05 14:42 <DIR> d-------- c:\program files\Common Files\GTK
2008-11-05 14:42 . 2008-11-10 11:12 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\.purple
2008-11-05 14:40 . 2008-11-05 14:40 <DIR> d-------- c:\program files\AskBarDis
2008-11-05 14:40 . 2008-11-23 19:06 <DIR> d-------- c:\documents and settings\FlAmE of HeLl\Application Data\Azureus
2008-11-05 14:40 . 2008-11-05 14:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:47 --------- d-----w c:\program files\Garena
2008-11-28 08:08 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\BitTorrent
2008-11-26 09:26 --------- d-----w c:\program files\Bonjour
2008-11-26 09:24 --------- d-----w c:\program files\WinRarce
2008-11-24 19:51 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-24 19:51 22,328 ----a-w c:\documents and settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-11-24 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 07:36 --------- d-----w c:\program files\Common Files\Real
2008-11-23 19:45 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\BearShare
2008-11-23 11:56 --------- d-----w c:\program files\Valve
2008-11-22 20:13 --------- d-----w c:\program files\Flock
2008-11-21 14:12 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Hamachi
2008-11-21 12:10 --------- d-----w c:\program files\nLite
2008-11-18 19:45 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Activision
2008-11-18 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\Activision
2008-11-17 21:07 --------- d-----w c:\program files\Google
2008-11-17 21:06 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Skype
2008-11-17 20:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-15 17:37 --------- d-----w c:\program files\Songbird
2008-11-15 10:42 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 10:40 --------- d-----w c:\program files\Opera
2008-11-12 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 10:12 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-11-11 18:18 --------- d-----w c:\program files\Stardock
2008-11-11 18:18 --------- d-----w c:\program files\Common Files\Stardock
2008-11-08 20:44 --------- d-----w c:\program files\Windows Live
2008-11-06 13:04 --------- d-----w c:\program files\SpeedFan
2008-11-06 12:23 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\FrostWire
2008-11-05 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-05 14:23 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-05 13:46 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-11-05 13:44 --------- d-----w c:\program files\Recuva
2008-11-05 13:10 71,268 ----a-w c:\windows\BricoPackUninst.cmd
2008-11-05 12:22 --------- d-----w c:\program files\LimeWire
2008-11-03 13:52 --------- d-----w c:\program files\AlienGUIse
2008-11-03 11:55 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-10-28 07:49 --------- d-----w c:\program files\AIMP2
2008-10-28 07:46 --------- d-----w c:\program files\Miranda IM
2008-10-26 18:57 --------- d-----w c:\program files\MacSearch_v.1.4.3
2008-10-26 18:41 --------- d-----w c:\program files\CursorXP
2008-10-26 16:57 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\FindeXer
2008-10-26 16:05 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-26 12:55 --------- d-----w c:\program files\Blender Foundation
2008-10-26 12:55 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Blender Foundation
2008-10-25 19:37 --------- d-----w c:\program files\Invisible IP Map
2008-10-23 21:39 96,016 ----a-w c:\windows\system32\drivers\VBoxDrv.sys
2008-10-23 21:39 41,744 ----a-w c:\windows\system32\drivers\VBoxUSBMon.sys
2008-10-20 17:19 --------- d-----w c:\program files\Launchy
2008-10-20 17:17 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Launchy
2008-10-19 17:18 --------- d-----w c:\program files\MSXML 4.0
2008-10-19 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-18 17:59 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\MxBoost
2008-10-18 12:50 --------- d--h--w c:\program files\InstallJammer Registry
2008-10-18 08:10 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-10-17 10:00 --------- d-----w c:\program files\AGEIA Technologies
2008-10-17 06:32 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-10-16 18:37 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-10-16 18:32 --------- d-----w c:\program files\ESET
2008-10-16 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-16 06:33 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Miranda
2008-10-13 20:06 --------- d-----w c:\program files\LocalCooling
2008-10-13 06:53 --------- d-----w c:\program files\PhotoFiltre
2008-10-12 15:32 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\AIMP
2008-10-11 07:30 --------- d-----w c:\program files\SecondLife
2008-10-11 07:23 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\SecondLife
2008-10-10 16:10 --------- d-----w c:\program files\Game_Maker7
2008-10-09 16:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-09 16:46 47,360 ----a-w c:\documents and settings\FlAmE of HeLl\Application Data\pcouffin.sys
2008-10-09 16:46 --------- d-----w c:\program files\DVDFab 5
2008-10-09 16:46 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Vso
2008-10-09 16:44 --------- d-----w c:\program files\7-Zip
2008-10-07 11:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-05 19:30 --------- d-----w c:\program files\Windows Journal Viewer
2008-10-05 06:31 --------- d-----w c:\program files\KGB Archiver 2
2008-10-04 15:44 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-04 08:23 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2008-10-03 09:54 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Nero
2008-10-03 09:51 --------- d-----w c:\program files\Common Files\Nero
2008-10-03 09:42 --------- d-----w c:\program files\Windows Sidebar
2008-10-03 09:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-02 20:28 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Disney Interactive Studios
2008-10-02 20:08 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Leadertech
2008-10-02 17:26 64,960 ----a-w c:\windows\system32\drivers\stcp2v30.sys
2008-10-01 18:46 --------- d-----w c:\program files\Free MSN Emoticons Pack 2
2008-10-01 17:26 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\InstallShield Installation Information
2008-10-01 11:12 --------- d-----w c:\program files\Real Desktop
2008-10-01 11:09 --------- d-----w c:\program files\Gamers Tower
2008-10-01 11:09 --------- d-----w c:\documents and settings\FlAmE of HeLl\Application Data\Gamers Tower
2008-09-28 11:50 --------- d-----w c:\program files\Paint.NET
2008-09-14 17:58 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-08-13 07:48 20,500 ----a-w c:\documents and settings\FlAmE of HeLl\FMCodec.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-28_18.53.55.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-09 08:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
+ 2008-11-28 20:13:54 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 16:44 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=c:\windows\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^MacSearch.lnk]
backup=c:\windows\pss\MacSearch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Pure Registration.lnk]
backup=c:\windows\pss\Pure Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^RK Launcher.lnk]
backup=c:\windows\pss\RK Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\RocketDock.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^tclock2.lnk]
backup=c:\windows\pss\tclock2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^TransBar.lnk]
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^TrueTransparency.lnk]
backup=c:\windows\pss\TrueTransparency.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\UberIcon.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=c:\documents and settings\FlAmE of HeLl\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Actual Transparent Window]
--a------ 2008-10-14 05:02 937984 c:\program files\Actual Transparent Window\ActualTransparentWindowCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2005-01-19 16:34 128000 c:\program files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-28 17:56 30192 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 13:38 133104 c:\documents and settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleIPMap]
--a------ 2007-09-18 21:21 2475520 c:\program files\Invisible IP Map\InvisibleIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 17:09 2056875 c:\program files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 02:34 5724184 c:\windows live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 19:16 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
--a------ 2008-10-29 07:22 8475880 c:\program files\RegClean\RegClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 12:58 495616 c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 13:11 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 15:51 36864 c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 18:28 155648 c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-29 23:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 18:16 2145280 c:\program files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2008-10-28 23:07 96816 c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 14:55 2850816 c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 15:13 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 12:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 14:39 16862208 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"odserv"=3 (0x3)
"GoogleDesktopManager-090808-172447"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"AVP"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"NVSvc"=2 (0x2)
"ASKService"=2 (0x2)
"appdrvrem01"=2 (0x2)
"StyleXPService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"HdThemeEnabler"=2 (0x2)
"bevtsvce"=2 (0x2)
"bevtservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"d:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"d:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"d:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-11-10 2915944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 110160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-10-07 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-10-07 41744]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-16 20560]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe /s c:\windows\Fix.reg [2004-08-03 146432]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp []
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2008-10-07 31824]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-08-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);c:\windows\system32\drivers\wfeaglxt.sys [2008-08-06 405632]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-05 460168]
S4 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-31 133104]
S4 HdThemeEnabler;Hyperdesk Theme Enabler;"c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe" -service [2008-07-21 106496]
S4 MONyog;MONyog;c:\program files\MONyog\bin\MONyog.exe -s []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]

2008-11-04 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe [2008-10-29 07:22]

2008-11-04 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean [2008-11-03 20:15]

2008-11-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2008-10-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{70C97F33-1436-41F8-9B63-6C25F31D487A} - c:\windows\system32\cbXOGYSJ.dll
MSConfigStartUp-ASocksrv - SocksA.exe
MSConfigStartUp-BSserver - FileKan.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 21:14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-11-28 21:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 20:17:09
ComboFix2.txt 2008-11-28 17:54:19

Pre-Run: 13,219,291,136 bytes free
Post-Run: 13,205,544,960 bytes free

591 --- E O F --- 2008-10-25 19:59:58

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

When I turned the computer on again I got a blue screen. I think it said bad_pool_... or something like that. Then I restarted it and managed to log in, and avast greeted me with virus warnings, so unfortunately I think we are not done yet. Sad

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You know, it would help if you wrote down what avast! is detecting.

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.
