sumnjivo ponasanje u poslednje vreme

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

kad otvorim vise IE ,komp jednostavno blokira...dugme pa restart...kad hocu da ga iskljucim i to moram na dugme,jer on krene u gasenje,skloni ikonice sa desktopa i tako stoji satima...i to sve poslednjih 7-8 dana...
p.s. imam telekom adsl 1024/128


DDS (Ver_09-07-30.01) - NTFSx86
Run by Familija B at 23:13:00,15 on 28.08.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2351 [GMT 2:00]

AV: avast! antivirus 4.8.1351 [VPS 090828-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice119.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SeekService\seekservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Familija B\My Documents\Tata\usb av\USB.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Wi-Fi Defense\WiFiDefense.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Familija B\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [USBStart] c:\documents and settings\familija b\my documents\tata\usb av\USB.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Wi-Fi Defense#Autostart] "c:\program files\wi-fi defense\WiFiDefense.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [USB Threat Defender] "c:\program files\arzoosoft solutions\usb threat defender\utdefender.exe" /b
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] c:\program files\asus\asus remote\RemoteControlAppl.exe
mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Iz&vezi u Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\famili~1\applic~1\mozilla\firefox\profiles\ivckafg9.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\documents and settings\familija b\application data\mozilla\firefox\profiles\ivckafg9.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-9 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-24 114768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-31 353672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-24 138680]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-8-19 305936]
R2 SeekService Service;SeekService Service;c:\documents and settings\all users\application data\seekservice\seekservice119.exe [2009-8-14 54784]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2009-7-30 2831232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-24 352920]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2009-2-20 751104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-27 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-27 1095560]

=============== Created Last 30 ================

2009-08-24 06:23 <DIR> --d----- c:\program files\Call of Duty
2009-08-24 06:21 766 a------- c:\windows\CoD.INI
2009-08-20 20:41 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-20 20:40 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 20:40 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 20:40 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 20:40 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 20:40 <DIR> --d----- C:\909c2a9aa4a40b88d1
2009-08-20 20:40 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-20 20:40 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-20 20:40 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-20 09:43 73,216 ac------ c:\windows\system32\dllcache\setup50.exe
2009-08-19 17:29 <DIR> --d----- c:\program files\Return to Castle Wolfenstein
2009-08-19 17:28 810 a------- c:\windows\Rtcw.INI
2009-08-19 17:09 <DIR> --d----- c:\docume~1\famili~1\applic~1\IObit
2009-08-19 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-08-19 16:58 <DIR> --d----- c:\program files\IObit
2009-08-17 20:56 <DIR> --d----- c:\program files\ArzooSoft Solutions
2009-08-16 23:48 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-12 20:08 <DIR> --d-h--- c:\windows\PIF
2009-08-12 20:05 <DIR> --d----- C:\skocko
2009-08-12 20:05 <DIR> --d----- C:\POKER
2009-08-12 19:49 75 a------- c:\windows\system32\nvUnsupRes.dat
2009-08-12 18:56 <DIR> --d----- c:\program files\Morton Benson
2009-08-12 18:56 <DIR> --d----- c:\documents and settings\familija b\WINDOWS
2009-08-12 00:58 <DIR> --d----- c:\program files\Business-in-a-Box
2009-08-10 20:09 <DIR> --d----- c:\documents and settings\familija b\dwhelper
2009-08-10 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-10 19:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-10 19:54 <DIR> --d----- c:\docume~1\famili~1\applic~1\SUPERAntiSpyware.com
2009-08-09 19:37 <DIR> --d----- c:\program files\Max Payne
2009-08-09 17:52 <DIR> --d----- c:\program files\Professional Poker Machine v.1.0
2009-08-08 22:57 102,400 a------- c:\windows\Segmento_AlphaUninstall.exe
2009-08-08 22:55 77,824 a------- c:\windows\iRODUninstall.exe
2009-08-08 22:55 <DIR> --d----- c:\program files\ydt
2009-08-08 22:31 <DIR> --d----- c:\docume~1\famili~1\applic~1\Real Desktop
2009-08-08 22:30 <DIR> --d----- c:\program files\SeekService
2009-08-08 22:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SeekService
2009-07-31 00:00 9,856 -------- c:\windows\system32\drivers\pfc.sys
2009-07-30 21:14 <DIR> --d----- c:\program files\ASUS
2009-07-30 21:14 15,232 ac------ c:\windows\system32\dllcache\mpe.sys
2009-07-30 21:14 15,232 a------- c:\windows\system32\drivers\MPE.sys
2009-07-30 21:14 363,520 ac------ c:\windows\system32\dllcache\psisdecd.dll
2009-07-30 21:14 363,520 a------- c:\windows\system32\PsisDecd.dll
2009-07-30 21:14 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2009-07-30 21:14 56,832 a------- c:\windows\system32\MSDvbNP.ax
2009-07-30 21:14 33,280 ac------ c:\windows\system32\dllcache\psisrndr.ax
2009-07-30 21:14 11,776 ac------ c:\windows\system32\dllcache\bdasup.sys
2009-07-30 21:14 33,280 a------- c:\windows\system32\PsisRndr.ax
2009-07-30 21:14 11,776 a------- c:\windows\system32\drivers\BdaSup.sys
2009-07-30 21:14 18,432 ac------ c:\windows\system32\dllcache\bdaplgin.ax
2009-07-30 21:14 18,432 a------- c:\windows\system32\BdaPlgIn.ax
2009-07-30 21:12 13,824 a------- c:\windows\system32\Ph3xIB32MV.dll
2009-07-30 21:12 2,831,232 a------- c:\windows\system32\drivers\3xHybrid.sys
2009-07-30 21:12 3,072 a------- c:\windows\system32\34CoInstaller.dll
2009-07-30 13:50 <DIR> --d--r-- c:\program files\Skype
2009-07-30 13:34 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-07-30 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

==================== Find3M ====================

2009-08-24 17:31 3,001 a--sh--- c:\documents and settings\familija b\ppUser.dat
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 11:51 3,152 a------- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-07-29 11:50 3,365 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-07-29 11:50 1,844 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2009-07-29 11:50 2,228 a------- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-07-29 11:50 11,473 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2009-07-29 11:49 3,008 a------- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-07-29 11:49 3,061 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-07-29 11:49 3,107 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-07-29 11:49 2,987 a------- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-07-29 11:49 2,843 a------- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-07-29 11:48 8,457 a------- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-07-29 11:48 13,281 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-26 17:53 17,488 a------- c:\windows\gdrv.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 20:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 20:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 20:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 20:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 20:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 20:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 20:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 20:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 20:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 20:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 20:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 19:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 10:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-16 16:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 14:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 14:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 16:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 08:29 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-06-10 08:29 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-06-10 08:29 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-06-10 08:29 466,944 a------- c:\windows\system32\nvshell.dll
2009-06-10 08:29 449,056 a------- c:\windows\system32\nvappbar.exe
2009-06-10 08:29 436,768 a------- c:\windows\system32\keystone.exe
2009-06-10 08:29 1,507,328 a------- c:\windows\system32\nview.dll
2009-06-10 08:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 21:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-25 07:48 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-12 20:39 8 -c-shr-- c:\docume~1\alluse~1\applic~1\71563C6ED1.sys

============= FINISH: 23:14:06,34 ===============



mycity.rs/must-login.png

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zamolio bih te da ispratiš ostatak uputstva (korak #3: skeniranje programom Gmer).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

evo gmer...
mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uploaduj sledeće file-ove:

C:\Program Files\SeekService\seekservice.dll
C:\Program Files\SeekService\seekservice.exe

preko ovog linka: http://www.mycity.rs/ambulanta-upload.php

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

doktore ja sam ovo zakacio ali nema odgovora...hvala...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kao što piše nakon izvršenog upload-a, potrebno je javiti da je odrađeno.




Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-08-29.01 - Familija B 30.08.2009 12:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2370 [GMT 2:00]
Running from: c:\documents and settings\Familija B\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\Fonts\AcadEref.ttf

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-26 09:11 . 2009-08-26 09:11 -------- d-----w- c:\program files\7-Zip
2009-08-24 04:23 . 2009-08-30 08:27 -------- d-----w- c:\program files\Call of Duty
2009-08-24 04:19 . 2008-11-27 04:45 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-20 18:41 . 2009-08-20 18:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- c:\program files\MSBuild
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- C:\909c2a9aa4a40b88d1
2009-08-20 18:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 18:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 18:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-20 18:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 18:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-20 18:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-20 18:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 07:43 . 2008-11-27 04:45 73216 -c--a-w- c:\windows\system32\dllcache\setup50.exe
2009-08-19 15:29 . 2009-08-19 16:23 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-08-19 15:09 . 2009-08-19 15:21 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\IObit
2009-08-19 14:59 . 2009-08-19 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-08-19 14:58 . 2009-08-19 15:09 -------- d-----w- c:\program files\IObit
2009-08-17 18:56 . 2009-08-17 18:56 -------- d-----w- c:\program files\ArzooSoft Solutions
2009-08-14 05:10 . 2009-08-13 19:39 54784 ----a-w- c:\documents and settings\All Users\Application Data\SeekService\seekservice119.exe
2009-08-12 18:08 . 2009-08-12 18:08 -------- d--h--w- c:\windows\PIF
2009-08-12 18:05 . 2009-08-19 15:20 -------- d-----w- C:\POKER
2009-08-12 18:05 . 2009-08-12 18:05 -------- d-----w- C:\skocko
2009-08-12 17:49 . 2009-08-12 17:49 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
2009-08-12 16:57 . 2009-08-12 16:57 -------- d-----w- c:\documents and settings\Familija B\Local Settings\Application Data\Help
2009-08-12 16:56 . 2009-08-19 15:20 -------- d-----w- c:\program files\Morton Benson
2009-08-12 16:56 . 2009-08-12 16:56 -------- d-----w- c:\documents and settings\Familija B\WINDOWS
2009-08-11 22:58 . 2009-08-11 22:58 -------- d-----w- c:\program files\Business-in-a-Box
2009-08-10 18:09 . 2009-08-10 18:09 -------- d-----w- c:\documents and settings\Familija B\dwhelper
2009-08-10 17:54 . 2009-08-10 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 17:54 . 2009-08-16 21:48 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-10 17:54 . 2009-08-16 21:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-09 17:37 . 2009-08-09 17:38 -------- d-----w- c:\program files\Max Payne
2009-08-09 15:52 . 2009-08-09 15:52 -------- d-----w- c:\program files\Professional Poker Machine v.1.0
2009-08-08 20:57 . 2009-08-08 20:57 102400 ----a-w- c:\windows\Segmento_AlphaUninstall.exe
2009-08-08 20:55 . 2009-08-16 22:06 -------- d-----w- c:\program files\ydt
2009-08-08 20:55 . 2009-08-08 20:55 77824 ----a-w- c:\windows\iRODUninstall.exe
2009-08-08 20:31 . 2009-08-08 20:31 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Real Desktop
2009-08-08 20:30 . 2009-08-14 18:27 -------- d-----w- c:\program files\SeekService
2009-08-08 20:30 . 2009-08-14 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-08-06 21:48 . 2009-08-06 21:48 -------- d-----w- c:\documents and settings\Familija B\Local Settings\Application Data\WinZip
2009-08-06 21:46 . 2009-08-06 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 10:06 . 2009-03-27 09:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 07:45 . 2009-03-27 09:54 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 09:55 . 2009-02-20 17:18 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Skype
2009-08-29 09:49 . 2009-02-20 17:18 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\skypePM
2009-08-29 09:31 . 2009-02-28 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-24 15:31 . 2009-05-31 20:21 3001 --sha-w- c:\documents and settings\Familija B\ppUser.dat
2009-08-22 05:07 . 2009-04-14 10:39 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Azureus
2009-08-20 19:01 . 2009-02-22 22:21 108432 ----a-w- c:\documents and settings\Familija B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 16:59 . 2009-04-14 10:38 -------- d-----w- c:\program files\Vuze
2009-08-20 08:01 . 2009-07-03 14:23 5313808 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-19 15:20 . 2009-06-24 05:45 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-19 15:20 . 2009-03-23 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-17 16:10 . 2009-03-24 11:31 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-03-24 11:31 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-03-24 11:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-24 11:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-24 11:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-03-24 11:31 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-24 11:31 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-03-24 11:31 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-24 11:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 21:48 . 2009-03-02 17:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 17:55 . 2009-04-08 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-08-12 10:42 . 2009-03-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-09 17:37 . 2009-02-20 10:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-09 14:08 . 2009-06-12 19:01 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-09 14:08 . 2009-06-12 19:00 -------- d-----w- c:\program files\AVS4YOU
2009-08-07 21:12 . 2009-02-23 09:35 -------- d-----w- c:\program files\InterVideo
2009-08-06 14:33 . 2009-02-20 11:23 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2008-11-27 04:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:40 . 2009-02-23 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-07-30 19:39 . 2009-07-30 19:39 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Intervideo
2009-07-30 19:14 . 2009-07-30 19:14 -------- d-----w- c:\program files\ASUS
2009-07-30 11:50 . 2009-07-30 11:50 -------- d-----r- c:\program files\Skype
2009-07-30 11:50 . 2009-07-30 11:50 -------- d-----w- c:\program files\Common Files\Skype
2009-07-30 11:50 . 2009-02-20 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-30 11:34 . 2009-07-30 11:34 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-30 11:34 . 2009-07-30 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-30 06:44 . 2009-03-16 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 09:51 . 2009-07-29 09:49 3152 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 3365 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 1844 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 1224 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 2228 ----a-w- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 11473 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2009-07-29 09:49 . 2009-07-29 09:49 1206 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3008 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3061 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 2987 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 2843 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-07-29 09:48 . 2009-07-29 09:48 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-07-29 09:48 . 2009-07-29 09:48 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-29 09:48 . 2009-07-29 09:48 -------- d-----w- c:\program files\Illustrate
2009-07-29 09:34 . 2009-07-27 20:19 -------- d-----w- c:\program files\Music Fan's Factory
2009-07-28 14:51 . 2009-07-28 14:51 -------- d-----w- c:\program files\Activision Value
2009-07-28 04:57 . 2009-07-28 04:57 -------- d-----w- c:\program files\Wi-Fi Defense
2009-07-27 20:26 . 2009-07-27 20:24 -------- d-----w- c:\program files\KeyOPS
2009-07-26 19:18 . 2009-03-31 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-26 19:16 . 2009-07-26 19:16 -------- d-----w- c:\program files\Yahoo Funny 1.2 !
2009-07-26 19:16 . 2009-02-20 11:08 -------- d-----w- c:\program files\Yahoo!
2009-07-26 15:53 . 2009-02-25 09:09 17488 ----a-w- c:\windows\gdrv.sys
2009-07-25 03:23 . 2009-02-20 11:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 10:37 . 2009-02-20 10:39 -------- d-----w- c:\program files\Realtek
2009-07-19 12:30 . 2009-07-19 12:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-19 09:49 . 2009-07-19 09:49 -------- d-----w- c:\program files\obj
2009-07-17 19:01 . 2008-11-27 04:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-04-30 20:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-04-30 20:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-03-02 16:55 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-02-09 12:18 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-02-09 12:18 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-06-28 16:43 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-06-28 16:43 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-06-28 16:43 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2007-06-28 16:43 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-06-28 16:43 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-06-28 16:43 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 11:35 . 2009-07-14 11:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 11:35 . 2009-07-14 11:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 11:35 . 2009-07-14 11:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 11:35 . 2009-07-14 11:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 21:43 . 2008-11-27 04:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 16:20 . 2009-07-05 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-07-04 19:57 . 2009-07-04 19:57 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-03 22:56 . 2009-07-03 22:56 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 22:48 . 2009-03-13 07:35 -------- d-----w- c:\program files\Electronic Arts
2009-07-03 17:09 . 2008-11-27 04:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-11-27 04:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-11-27 04:45 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-11-27 04:45 54272 ----a-w- c:\windows\system32\wdigest.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
"USBStart"="c:\documents and settings\Familija B\My Documents\Tata\usb av\USB.exe" [2009-03-24 8704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Wi-Fi Defense2009-08-30 10:13utostart"="c:\program files\Wi-Fi Defense\WiFiDefense.exe" [2005-02-16 5876224]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"USB Threat Defender"="c:\program files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" [2009-07-01 1215488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-15 65536]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-20 943888]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09.06.2009 12:56 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.03.2009 13:31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.03.2009 13:31 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [19.08.2009 16:59 305936]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30.07.2009 21:12 2831232]
S2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice119.exe [14.08.2009 7:10 54784]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [20.02.2009 14:53 751104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [27.03.2009 11:54 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 22:45]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 10:10]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 10:10]

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{C8A6C392-CB61-445F-8EB0-48321AEADB78}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\docume~1\FAMILI~1\APPLIC~1\Mozilla\Firefox\Profiles\ivckafg9.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-30 12:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,34,f2,31,f9,99,13,49,89,f4,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,34,f2,31,f9,99,13,49,89,f4,4b,\

[HKEY_USERS\S-1-5-21-73586283-1757981266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6A80947-FB92-1D6A-A833-06C5666D1CFA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfmnoncnmhibbieoneennlaegbpinpfhp"=hex:69,61,61,6b,62,70,61,6e,6c,6a,64,6a,
69,6b,6d,69,63,6d,00,00
"padmgiedflpmbcdipmkldhmoohnhcmbi"=hex:69,61,61,6b,62,70,61,6e,6c,6a,64,6a,69,
6b,6d,69,63,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-30 12:17
ComboFix-quarantined-files.txt 2009-08-30 10:17

Pre-Run: 24.097.247.232 bytes free
Post-Run: 24.103.960.576 bytes free

371 --- E O F --- 2009-08-26 12:38

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:


Folder::
c:\documents and settings\All Users\Application Data\SeekService
C:\Program Files\SeekService

Driver::
SeekService Service



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-08-29.01 - Familija B 30.08.2009 16:17.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2552 [GMT 2:00]
Running from: c:\documents and settings\Familija B\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\SeekService\seekservice119.exe
c:\program files\SeekService\seekservice.dll
c:\program files\SeekService\seekservice.exe
c:\program files\SeekService\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKSERVICE_SERVICE
-------\Service_SeekService Service


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-26 09:11 . 2009-08-26 09:11 -------- d-----w- c:\program files\7-Zip
2009-08-24 04:23 . 2009-08-30 08:27 -------- d-----w- c:\program files\Call of Duty
2009-08-24 04:19 . 2008-11-27 04:45 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-20 18:41 . 2009-08-20 18:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- c:\program files\MSBuild
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- C:\909c2a9aa4a40b88d1
2009-08-20 18:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 18:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 18:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-20 18:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 18:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-20 18:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-20 18:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 07:43 . 2008-11-27 04:45 73216 -c--a-w- c:\windows\system32\dllcache\setup50.exe
2009-08-19 15:29 . 2009-08-19 16:23 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-08-19 15:09 . 2009-08-19 15:21 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\IObit
2009-08-19 14:59 . 2009-08-19 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-08-19 14:58 . 2009-08-19 15:09 -------- d-----w- c:\program files\IObit
2009-08-17 18:56 . 2009-08-17 18:56 -------- d-----w- c:\program files\ArzooSoft Solutions
2009-08-12 18:08 . 2009-08-12 18:08 -------- d--h--w- c:\windows\PIF
2009-08-12 18:05 . 2009-08-19 15:20 -------- d-----w- C:\POKER
2009-08-12 18:05 . 2009-08-12 18:05 -------- d-----w- C:\skocko
2009-08-12 17:49 . 2009-08-12 17:49 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
2009-08-12 16:57 . 2009-08-12 16:57 -------- d-----w- c:\documents and settings\Familija B\Local Settings\Application Data\Help
2009-08-12 16:56 . 2009-08-19 15:20 -------- d-----w- c:\program files\Morton Benson
2009-08-12 16:56 . 2009-08-12 16:56 -------- d-----w- c:\documents and settings\Familija B\WINDOWS
2009-08-11 22:58 . 2009-08-11 22:58 -------- d-----w- c:\program files\Business-in-a-Box
2009-08-10 18:09 . 2009-08-10 18:09 -------- d-----w- c:\documents and settings\Familija B\dwhelper
2009-08-10 17:54 . 2009-08-10 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 17:54 . 2009-08-16 21:48 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-10 17:54 . 2009-08-16 21:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-09 17:37 . 2009-08-09 17:38 -------- d-----w- c:\program files\Max Payne
2009-08-09 15:52 . 2009-08-09 15:52 -------- d-----w- c:\program files\Professional Poker Machine v.1.0
2009-08-08 20:57 . 2009-08-08 20:57 102400 ----a-w- c:\windows\Segmento_AlphaUninstall.exe
2009-08-08 20:55 . 2009-08-16 22:06 -------- d-----w- c:\program files\ydt
2009-08-08 20:55 . 2009-08-08 20:55 77824 ----a-w- c:\windows\iRODUninstall.exe
2009-08-08 20:31 . 2009-08-08 20:31 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Real Desktop
2009-08-06 21:48 . 2009-08-06 21:48 -------- d-----w- c:\documents and settings\Familija B\Local Settings\Application Data\WinZip
2009-08-06 21:46 . 2009-08-06 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 10:32 . 2009-02-28 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-30 10:06 . 2009-03-27 09:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 07:45 . 2009-03-27 09:54 -------- d-----w- c:\program files\Spyware Doctor
2009-08-29 09:55 . 2009-02-20 17:18 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Skype
2009-08-29 09:49 . 2009-02-20 17:18 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\skypePM
2009-08-24 15:31 . 2009-05-31 20:21 3001 --sha-w- c:\documents and settings\Familija B\ppUser.dat
2009-08-22 05:07 . 2009-04-14 10:39 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Azureus
2009-08-20 19:01 . 2009-02-22 22:21 108432 ----a-w- c:\documents and settings\Familija B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 16:59 . 2009-04-14 10:38 -------- d-----w- c:\program files\Vuze
2009-08-20 08:01 . 2009-07-03 14:23 5313808 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-19 15:20 . 2009-06-24 05:45 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-19 15:20 . 2009-03-23 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-17 16:10 . 2009-03-24 11:31 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-03-24 11:31 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-03-24 11:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-24 11:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-24 11:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-03-24 11:31 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-24 11:31 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-03-24 11:31 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-24 11:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 21:48 . 2009-03-02 17:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 17:55 . 2009-04-08 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-08-12 10:42 . 2009-03-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-09 17:37 . 2009-02-20 10:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-09 14:08 . 2009-06-12 19:01 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-09 14:08 . 2009-06-12 19:00 -------- d-----w- c:\program files\AVS4YOU
2009-08-07 21:12 . 2009-02-23 09:35 -------- d-----w- c:\program files\InterVideo
2009-08-06 14:33 . 2009-02-20 11:23 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2008-11-27 04:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:40 . 2009-02-23 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-07-30 19:39 . 2009-07-30 19:39 -------- d-----w- c:\docume~1\FAMILI~1\APPLIC~1\Intervideo
2009-07-30 19:14 . 2009-07-30 19:14 -------- d-----w- c:\program files\ASUS
2009-07-30 11:50 . 2009-07-30 11:50 -------- d-----r- c:\program files\Skype
2009-07-30 11:50 . 2009-07-30 11:50 -------- d-----w- c:\program files\Common Files\Skype
2009-07-30 11:50 . 2009-02-20 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-30 11:34 . 2009-07-30 11:34 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-30 11:34 . 2009-07-30 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-30 06:44 . 2009-03-16 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 09:51 . 2009-07-29 09:49 3152 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 3365 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 1844 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 1224 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 2228 ----a-w- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-07-29 09:50 . 2009-07-29 09:50 11473 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2009-07-29 09:49 . 2009-07-29 09:49 1206 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3008 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3061 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 2987 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-07-29 09:49 . 2009-07-29 09:49 2843 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-07-29 09:48 . 2009-07-29 09:48 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-07-29 09:48 . 2009-07-29 09:48 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-29 09:48 . 2009-07-29 09:48 -------- d-----w- c:\program files\Illustrate
2009-07-29 09:34 . 2009-07-27 20:19 -------- d-----w- c:\program files\Music Fan's Factory
2009-07-28 14:51 . 2009-07-28 14:51 -------- d-----w- c:\program files\Activision Value
2009-07-28 04:57 . 2009-07-28 04:57 -------- d-----w- c:\program files\Wi-Fi Defense
2009-07-27 20:26 . 2009-07-27 20:24 -------- d-----w- c:\program files\KeyOPS
2009-07-26 19:18 . 2009-03-31 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-26 19:16 . 2009-07-26 19:16 -------- d-----w- c:\program files\Yahoo Funny 1.2 !
2009-07-26 19:16 . 2009-02-20 11:08 -------- d-----w- c:\program files\Yahoo!
2009-07-26 15:53 . 2009-02-25 09:09 17488 ----a-w- c:\windows\gdrv.sys
2009-07-25 03:23 . 2009-02-20 11:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 10:37 . 2009-02-20 10:39 -------- d-----w- c:\program files\Realtek
2009-07-19 12:30 . 2009-07-19 12:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-19 09:49 . 2009-07-19 09:49 -------- d-----w- c:\program files\obj
2009-07-17 19:01 . 2008-11-27 04:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-04-30 20:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-04-30 20:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-03-02 16:55 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-02-09 12:18 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-02-09 12:18 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-06-28 16:43 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-06-28 16:43 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-06-28 16:43 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2007-06-28 16:43 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-06-28 16:43 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-06-28 16:43 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 11:35 . 2009-07-14 11:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 11:35 . 2009-07-14 11:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 11:35 . 2009-07-14 11:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 11:35 . 2009-07-14 11:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 21:43 . 2008-11-27 04:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 16:20 . 2009-07-05 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-07-04 19:57 . 2009-07-04 19:57 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-03 22:56 . 2009-07-03 22:56 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 22:48 . 2009-03-13 07:35 -------- d-----w- c:\program files\Electronic Arts
2009-07-03 17:09 . 2008-11-27 04:45 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-11-27 04:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-11-27 04:45 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-11-27 04:45 54272 ----a-w- c:\windows\system32\wdigest.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-30_10.15.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 13:03 . 2009-08-30 13:03 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
"USBStart"="c:\documents and settings\Familija B\My Documents\Tata\usb av\USB.exe" [2009-03-24 8704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Wi-Fi Defense2009-08-30 14:21utostart"="c:\program files\Wi-Fi Defense\WiFiDefense.exe" [2005-02-16 5876224]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"USB Threat Defender"="c:\program files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" [2009-07-01 1215488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-15 65536]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-20 943888]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09.06.2009 12:56 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.03.2009 13:31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.03.2009 13:31 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [19.08.2009 16:59 305936]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30.07.2009 21:12 2831232]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [20.02.2009 14:53 751104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [27.03.2009 11:54 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 22:45]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 10:10]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 10:10]

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{C8A6C392-CB61-445F-8EB0-48321AEADB78}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\docume~1\FAMILI~1\APPLIC~1\Mozilla\Firefox\Profiles\ivckafg9.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-30 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,34,f2,31,f9,99,13,49,89,f4,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,34,f2,31,f9,99,13,49,89,f4,4b,\

[HKEY_USERS\S-1-5-21-73586283-1757981266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6A80947-FB92-1D6A-A833-06C5666D1CFA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfmnoncnmhibbieoneennlaegbpinpfhp"=hex:69,61,61,6b,62,70,61,6e,6c,6a,64,6a,
69,6b,6d,69,63,6d,00,00
"padmgiedflpmbcdipmkldhmoohnhcmbi"=hex:69,61,61,6b,62,70,61,6e,6c,6a,64,6a,69,
6b,6d,69,63,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3168-)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-30 16:24
ComboFix-quarantined-files.txt 2009-08-30 14:24
ComboFix2.txt 2009-08-30 10:17

Pre-Run: 24.084.094.976 bytes free
Post-Run: 24.032.423.936 bytes free

389 --- E O F --- 2009-08-26 12:38

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo sada izgleda čisto (sem ono malo adware-a, ništa konkretno nije ni bilo).


Što se tiče problema koje pominješ... Imaš poveću (rekao bih i: veoma neobičnu) kolekciju zaštitnog softvera.

Preporučujem da deinstaliraš sve sem antivirusa i firewall-a. Ukoliko to ne učini da PC radi stabilnije/kako treba, potraži savete u Windows forumu.


Za kraj, potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.