Problemi.

1

Problemi.

offline
  • Pridružio: 07 Mar 2009
  • Poruke: 33

Napisano: 22 Apr 2010 13:59

na koji način se ispoljava problem oko koga tražite pomoć;

evo gasi mi se racunar, ne mogu pokrenuti programe - izbacuje mi da ne obavještenja......C./windows/............rundll.exe ne radi

kada se taj problem počeo ispoljavati;
juče

ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku;
juče sam skenirao i strpao u karantin al ne znam koji su
i da, mislim da je u pitanju antivirus XP 2010 malware ili sta vec, jer mi se njegovi prozori izbacuju.

na koji način ste pokušali rešiti problem;
ništa konkretno jer mi je onemogućena bilo kakva akcija, u principu

kakvom internet konekcijom raspolažete (tip i brzina konekcije);
ADSL; 768/64
bilo kakve dodatne informacije koje bi mogle pobliže opisati stanje na vašem računaru.
kada radim sa gmerom ili mi blokira na pola ili mi se ugasi racunar tako da cu stavato logove koliko budem stigao da skeniram, recimo kada obradi sistemske fajlove???

Evo sad cu postaviti ovo za početak da ne pisem po hiljaditi put jer mi se racunar moze ugasitisvakog trenutka

Dopuna: 22 Apr 2010 14:02

DDS (Ver_10-03-17.01) - NTFSx86
Run by Davorin at 14:02:41,96 on 22/04/10
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.485 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 100422-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Awast Software\Avast4\aswUpdSv.exe
C:\Program Files\Awast Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\wuaucldt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Davorin\Local Settings\Application Data\ave.exe
C:\Documents and Settings\Davorin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Awast Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Awast Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Davorin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uInternet Connection Wizard,ShellNext = hxxp://www.megaupload.com/toolbar2.0/?c=installed
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
uRun: [amva] c:\windows\system32\amvo.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\documents and settings\davorin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [syncman] c:\documents and settings\davorin\wuaucldt.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [avast!] c:\progra~1\awasts~1\avast4\ashDisp.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\davorin\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\techland\call of juarez\register\RegistrationReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davorin\applic~1\mozilla\firefox\profiles\zw3zablm.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\davorin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\innova-engineering gmbh\3d-viewer-innoplus\npIno3DViewer.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npbittorrent.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox 3.1 beta 2\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\awast software\avast4\ashServ.exe [2009-3-15 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\awast software\avast4\ashMaiSv.exe [2009-3-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\awast software\avast4\ashWebSv.exe [2009-3-15 352920]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-7-14 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2008-4-2 48928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-22 08:02:20 1 ----a-w- c:\documents and settings\davorin\oashdihasidhasuidhiasdhiashdiuasdhasd
2010-04-21 18:15:40 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-21 18:14:17 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-04-21 18:14:02 29440 ----a-w- c:\windows\system32\wuaucldt.exe

==================== Find3M ====================

2010-04-13 21:44:19 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-01-19 16:16:21 88 --sh--r- c:\windows\system32\058A633A32.sys
2009-01-15 21:00:38 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011520090116\index.dat

============= FINISH: 14:03:00,84 ===============

mycity.rs/must-login.png

Dopuna: 22 Apr 2010 14:32

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Dopuna: 22 Apr 2010 14:58

Pokusao sam opet da napravim prvi log iz gmer-a i nije mi uspjelo.

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pozdrav.


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 07 Mar 2009
  • Poruke: 33

Napisano: 22 Apr 2010 16:12

Ovo nisam uspio:
Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem desnom uglu ekrana i izaberi Zaustavi Stalnu zaštitu.

Pošto mi ikonice nema u desnom donjem uglu, a i ne mogu da pokrenem normalno avast već idem desnim pa run uspio sam samo onaj dio "........samoodbrambeni modul".

Ovaj drugi ne mogu da pronađem : "Zaustavi stalnu zastitu".

Dopuna: 22 Apr 2010 16:24

combofix mi je polupokrenut, tj, čeka da riješim ovo.
Ovaj me virus pegla ko nikad.

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Idi na Start > Control Panel > Add or Remove Programs;

Klikni na Avast pa zatim na opciju Change/Remove;

Otvoriće se prozor Avast-a u kome ćeš odabrati opciju Repair.


To bi trebalo da vrati Tray ikonicu.

offline
  • Pridružio: 07 Mar 2009
  • Poruke: 33

ComboFix 10-04-21.01 - Davorin 22/04/10 17:04:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.593 [GMT 2:00]
Running from: c:\documents and settings\Davorin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100422-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
c:\documents and settings\Davorin\Local Settings\Application Data\ave.exe
c:\documents and settings\Davorin\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\wuaucldt.exe
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Thumbs.db
c:\windows\system32\wuaucldt.exe

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\system volume information\_restore{4570F90D-273F-4CBA-84B7-003E35D5A7B1}\RP367\A0205162.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZXSDERFBUKJFYSHLHDFRSTDZHDFASHTG


((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 15:09 . 2004-08-03 20:59 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-22 15:09 . 2004-08-03 20:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-22 10:32 . 2010-04-22 10:32 -------- d-----w- c:\documents and settings\Davorin\Local Settings\Application Data\avG
2010-04-21 18:15 . 2010-04-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-14 14:15 . 2010-04-14 14:16 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:45 . 2008-03-05 18:39 116352 -c--a-w- c:\documents and settings\Davorin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 18:13 . 2009-03-05 12:06 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-04-19 19:06 . 2008-05-13 18:54 -------- d-----w- c:\documents and settings\Davorin\Application Data\BitTorrent
2010-04-16 10:11 . 2008-02-14 10:10 -------- d-----w- c:\program files\Google
2010-04-14 14:11 . 2008-05-09 15:30 -------- d-----w- c:\documents and settings\Arhitektura\Application Data\DNA
2010-04-14 10:08 . 2008-05-09 15:30 -------- d-----w- c:\program files\DNA
2010-04-13 21:44 . 2008-01-17 11:18 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-10 12:39 . 2010-03-05 18:19 -------- d-----w- c:\documents and settings\Davorin\Application Data\Audacity
2010-03-27 13:35 . 2008-04-18 14:50 -------- d-----w- c:\program files\Common Files\Real
2010-03-22 15:55 . 2010-03-04 14:36 439816 ----a-w- c:\documents and settings\Davorin\Application Data\Real\Update\setup3.10\setup.exe
2010-03-17 11:34 . 2010-03-17 11:34 -------- d-----w- c:\program files\Common Files\Apple
2010-03-17 11:34 . 2010-03-17 11:33 -------- d-----w- c:\program files\QuickTime
2010-03-17 11:33 . 2010-03-17 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-16 13:11 . 2010-03-04 08:43 439816 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\setup.exe
2010-03-07 21:46 . 2008-09-04 15:37 116352 -c--a-w- c:\documents and settings\Arhitektura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 13:28 . 2007-08-25 10:56 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-07 13:24 . 2010-03-04 07:27 -------- d-----w- c:\program files\TeamViewer
2010-03-05 20:59 . 2010-03-05 20:55 20829680 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-05 20:55 . 2010-03-05 20:55 8405312 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-05 20:54 . 2010-03-05 20:54 149000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-05 20:54 . 2010-03-05 20:54 10309448 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 283280 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 181768 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-05 20:52 . 2010-03-05 20:52 79368 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-05 20:52 . 2010-03-05 20:52 64000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-05 20:52 . 2010-03-05 20:52 52288 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 50688 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 49152 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-05 20:52 . 2010-03-05 20:52 118784 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-02 16:44 . 2010-03-02 16:44 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-01-31 17:19 . 2008-04-02 20:43 48928 ----a-w- c:\windows\system32\drivers\Tetris.sys
2010-01-24 18:16 . 2010-01-24 18:16 152576 -c--a-w- c:\documents and settings\Davorin\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-24 18:15 . 2010-01-24 18:15 79488 -c--a-w- c:\documents and settings\Davorin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-01-19 16:16 . 2008-01-17 11:18 88 --sh--r- c:\windows\system32\058A633A32.sys
.

------- Sigcheck -------

[-] 2007-02-15 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-28_19.56.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 14:10 . 2009-07-29 14:12 13556 c:\windows\unins000.dat
+ 2010-04-22 15:11 . 2010-04-22 15:11 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2010-03-09 18:13 . 2010-03-09 18:13 16384 c:\windows\temp\Perflib_Perfdata_674.dat
+ 2010-04-22 15:11 . 2010-04-22 15:11 16384 c:\windows\temp\Perflib_Perfdata_2e0.dat
+ 2004-08-10 23:45 . 2004-08-10 23:45 10752 c:\windows\system32\wpdtrace.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 66560 c:\windows\system32\wpdmtpus.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 61952 c:\windows\system32\wpdconns.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 38912 c:\windows\system32\wpd_ci.dll
+ 2009-09-24 10:34 . 1999-09-10 10:06 45056 c:\windows\system32\WNASPI32.DLL
+ 2004-08-03 21:56 . 2004-08-10 23:45 34304 c:\windows\system32\WMDMPS.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 30208 c:\windows\system32\WMDMLOG.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 38912 c:\windows\system32\wdfmgr.exe
+ 2004-08-10 23:45 . 2004-08-10 23:45 15872 c:\windows\system32\wdfapi.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 47104 c:\windows\system32\uwdf.exe
+ 2009-07-16 16:37 . 2005-11-03 15:14 45056 c:\windows\system32\Synsopos.exe
+ 2009-07-16 16:37 . 2005-05-09 18:08 33792 c:\windows\system32\ReinstallBackups\0009\DriverFiles\cledx.sys
+ 2009-07-14 18:27 . 2005-06-04 07:08 87040 c:\windows\system32\ra32sipr.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 21504 c:\windows\system32\ra32dnet.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 72704 c:\windows\system32\ra3228_8.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 81920 c:\windows\system32\ra3214_4.dll
- 2001-08-23 10:00 . 2009-03-29 09:00 63334 c:\windows\system32\perfc009.dat
+ 2001-08-23 10:00 . 2010-04-09 07:35 63334 c:\windows\system32\perfc009.dat
+ 2004-08-03 21:56 . 2004-08-10 23:45 25088 c:\windows\system32\MsPMSNSv.dll
+ 2009-07-03 17:25 . 2009-07-14 21:36 85956 c:\windows\system32\mlfcache.dat
+ 2007-08-25 11:31 . 2009-08-09 12:26 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-08-25 11:31 . 2009-06-15 16:49 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-07-31 17:06 . 2009-09-14 21:33 89101 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-03 21:56 . 2004-08-10 23:45 96768 c:\windows\system32\logagent.exe
+ 2010-01-09 11:57 . 2004-08-03 23:56 21504 c:\windows\system32\hidserv.dll
+ 2009-07-14 18:27 . 2005-06-04 07:11 85504 c:\windows\system32\encdnet.dll
+ 2009-07-10 11:43 . 2007-08-31 12:14 38656 c:\windows\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\emOEM.sys
+ 2009-07-10 11:43 . 2006-12-15 14:54 61440 c:\windows\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\emMON.exe
+ 2009-07-10 11:43 . 2007-08-31 12:15 24448 c:\windows\system32\DRVSTORE\emaudio_754491038463AF55DC013DBF40581C2B1BFEE429\emAudio.sys
+ 2004-08-03 21:56 . 2004-08-10 23:45 95232 c:\windows\system32\drmstor.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 18944 c:\windows\system32\drivers\wpdusb.sys
+ 2010-01-09 11:56 . 2004-08-03 22:08 31616 c:\windows\system32\drivers\usbccgp.sys
+ 2009-07-14 18:25 . 2005-11-03 10:17 16896 c:\windows\system32\drivers\synasUSB.sys
- 2008-02-23 02:38 . 2008-02-23 02:38 43872 c:\windows\system32\drivers\pxhelp20.sys
+ 2008-11-20 19:19 . 2008-11-20 19:19 43872 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-07-30 08:40 . 2005-11-03 10:15 17688 c:\windows\system32\drivers\NSynas32.sys
+ 2010-02-23 13:57 . 2004-08-03 21:58 14848 c:\windows\system32\drivers\kbdhid.sys
+ 2009-07-14 18:25 . 2005-05-09 18:08 33792 c:\windows\system32\drivers\cledx.sys
+ 2009-03-15 21:41 . 2009-11-24 22:49 48560 c:\windows\system32\drivers\aswTdi.sys
+ 2009-03-15 21:41 . 2009-11-24 22:48 23120 c:\windows\system32\drivers\aswRdr.sys
+ 2009-03-15 21:41 . 2009-11-24 22:50 94160 c:\windows\system32\drivers\aswmon2.sys
+ 2009-03-15 21:41 . 2009-11-24 22:51 93424 c:\windows\system32\drivers\aswmon.sys
- 2009-03-15 21:41 . 2009-02-05 21:07 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-03-15 21:41 . 2009-11-24 22:50 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-09-24 10:34 . 1999-09-10 10:06 25244 c:\windows\system32\drivers\ASPI32.SYS
+ 2009-03-15 21:41 . 2009-11-24 22:47 27408 c:\windows\system32\drivers\aavmker4.sys
+ 2004-08-03 21:56 . 2004-08-10 23:45 34304 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 30208 c:\windows\system32\dllcache\wmdmlog.dll
+ 2010-01-09 11:56 . 2004-08-03 22:08 31616 c:\windows\system32\dllcache\usbccgp.sys
+ 2004-08-03 21:56 . 2004-08-10 23:45 25088 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 96768 c:\windows\system32\dllcache\logagent.exe
+ 2010-01-09 11:57 . 2004-08-03 23:56 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 95232 c:\windows\system32\dllcache\drmstor.dll
+ 2009-06-28 19:56 . 2007-07-30 18:19 53080 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 19:56 . 2004-08-03 21:56 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 19:56 . 2004-08-03 21:56 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 19:56 . 2004-08-03 21:56 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 19:56 . 2004-08-03 21:56 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 19:56 . 2004-08-03 19:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 19:56 . 2004-08-03 20:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 19:56 . 2004-08-03 21:56 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-07-14 18:27 . 2005-06-04 07:09 61952 c:\windows\system32\decdnet.dll
- 2009-03-10 16:50 . 2009-06-13 14:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-10 16:50 . 2010-04-21 21:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-25 10:21 . 2010-04-21 21:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-25 10:21 . 2009-06-13 14:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-25 10:21 . 2009-06-13 14:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-25 10:21 . 2010-04-21 21:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-15 21:41 . 2009-11-24 22:47 97480 c:\windows\system32\AvastSS.scr
- 2009-03-15 21:41 . 2009-02-05 21:04 97480 c:\windows\system32\AvastSS.scr
+ 2009-08-22 19:43 . 2004-08-10 23:45 95232 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 87040 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 96768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2009-08-22 19:43 . 2004-08-10 23:45 18944 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2009-08-22 19:43 . 2004-08-10 23:45 10752 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 66560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 61952 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2009-08-22 19:43 . 2004-08-10 23:45 15872 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 47104 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2009-08-22 19:43 . 2004-08-10 23:45 34304 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 30208 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 23552 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 27136 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 52224 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2010-03-18 08:59 . 2010-03-18 08:59 22528 c:\windows\Installer\336771.msi
+ 2009-12-23 16:01 . 2009-12-23 16:01 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-08 09:59 . 2009-12-08 09:59 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-10-06 19:51 . 2009-10-06 19:51 25214 c:\windows\Installer\{3A05B900-A3E7-11DE-A9B7-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-28 17:00 . 2010-03-15 20:02 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-16 10:11 . 2010-04-16 10:11 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-21 18:09 . 2009-12-21 18:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 18:02 . 2009-12-21 18:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 21:21 . 2009-12-21 21:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 21:37 . 2009-12-21 21:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 16:39 . 2009-12-21 16:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 16:27 . 2009-12-21 16:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 16:27 . 2009-12-21 16:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 51200 c:\windows\dcax32.dll
+ 2009-07-30 12:31 . 2009-07-30 12:31 7016 c:\windows\unins001.dat
+ 2004-08-03 21:56 . 2004-08-10 23:45 6656 c:\windows\system32\laprxy.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 6656 c:\windows\system32\dllcache\laprxy.dll
+ 2009-09-24 10:34 . 1999-09-10 10:06 4672 c:\windows\system\WOWPOST.EXE
+ 2009-09-24 10:34 . 1999-09-10 10:06 5600 c:\windows\system\WINASPI.DLL
+ 2010-01-22 20:34 . 2007-06-03 13:58 5120 c:\windows\system\vdsvrlnk.dll
+ 2010-01-22 20:34 . 2007-06-03 13:58 7168 c:\windows\system\vdremote.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-07-30 12:31 . 2009-07-30 12:31 697690 c:\windows\unins001.exe
+ 2009-07-29 14:10 . 2009-07-29 14:11 697690 c:\windows\unins000.exe
+ 2004-08-10 23:45 . 2004-08-10 23:45 327680 c:\windows\system32\wpdsp.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 331776 c:\windows\system32\wpdmtpdr.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 114176 c:\windows\system32\wpdmtp.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 999424 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 871160 c:\windows\system32\wmvdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 936960 c:\windows\system32\wmspdmoe.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 531192 c:\windows\system32\wmspdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 773368 c:\windows\system32\wmsdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 150016 c:\windows\system32\wmidx.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 290816 c:\windows\system32\WMDRMNet.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 344064 c:\windows\system32\WMDRMdev.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 229376 c:\windows\system32\wmasf.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 712704 c:\windows\system32\wmadmoe.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 380144 c:\windows\system32\wmadmod.dll
+ 2009-07-16 16:37 . 2005-11-08 09:20 147456 c:\windows\system32\SynsoLChk.dll
+ 2009-07-16 16:37 . 2005-11-08 18:02 708608 c:\windows\system32\SYNSOACC.dll
+ 2009-07-14 18:27 . 2005-06-04 07:08 487936 c:\windows\system32\rmbe3260.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 221184 c:\windows\system32\qasf.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 352768 c:\windows\system32\pngu3263.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 131072 c:\windows\system32\pneng50.dll
+ 2009-07-14 18:27 . 2005-06-04 07:09 130560 c:\windows\system32\pnc3250.dll
+ 2001-08-23 10:00 . 2010-04-09 07:35 403858 c:\windows\system32\perfh009.dat
- 2001-08-23 10:00 . 2009-03-29 09:00 403858 c:\windows\system32\perfh009.dat
+ 2004-08-03 21:56 . 2004-08-10 23:45 311296 c:\windows\system32\MSWMDM.dll
- 2002-01-05 00:37 . 2002-01-05 00:37 344064 c:\windows\system32\msvcr70.dll
+ 2002-01-05 00:37 . 2005-06-04 07:08 344064 c:\windows\system32\msvcr70.dll
+ 2002-01-05 01:40 . 2005-06-04 07:08 487424 c:\windows\system32\msvcp70.dll
- 2002-01-05 01:40 . 2002-01-05 01:40 487424 c:\windows\system32\msvcp70.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 360176 c:\windows\system32\MSSCP.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 169472 c:\windows\system32\MsPMSP.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 141312 c:\windows\system32\msnetobj.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 240640 c:\windows\system32\mpg4dmod.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 310272 c:\windows\system32\mp43dmod.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2010-01-24 18:17 . 2009-10-11 03:17 149280 c:\windows\system32\javaws.exe
+ 2010-01-24 18:17 . 2009-10-11 03:17 145184 c:\windows\system32\javaw.exe
+ 2010-01-24 18:17 . 2009-10-11 03:17 145184 c:\windows\system32\java.exe
+ 2009-08-22 19:51 . 2002-06-04 14:48 309248 c:\windows\system32\Incinerator.dll
+ 2007-08-25 12:05 . 2010-03-03 14:30 361728 c:\windows\system32\FNTCACHE.DAT
+ 2003-10-28 17:07 . 2003-10-28 17:07 372736 c:\windows\system32\ffvfw.dll
+ 2003-10-28 14:51 . 2003-10-28 14:51 106496 c:\windows\system32\ff_theora.dll
+ 2009-07-10 11:43 . 2007-08-31 15:33 479744 c:\windows\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\emBDA.sys
+ 2004-08-03 21:57 . 2004-08-10 23:45 527360 c:\windows\system32\drmv2clt.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 253688 c:\windows\system32\drmclien.dll
+ 2009-03-15 21:41 . 2009-11-24 22:50 114768 c:\windows\system32\drivers\aswSP.sys
- 2009-03-15 21:41 . 2009-02-05 21:07 114768 c:\windows\system32\drivers\aswSP.sys
+ 2004-08-03 21:56 . 2004-08-10 23:45 999424 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 871160 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 936960 c:\windows\system32\dllcache\wmspdmoe.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 531192 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 773368 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 150016 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 229376 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 712704 c:\windows\system32\dllcache\wmadmoe.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 380144 c:\windows\system32\dllcache\wmadmod.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 221184 c:\windows\system32\dllcache\qasf.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 311296 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 360176 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 169472 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 141312 c:\windows\system32\dllcache\msnetobj.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 240640 c:\windows\system32\dllcache\mpg4dmod.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2004-08-03 21:56 . 2004-08-03 21:56 310272 c:\windows\system32\dllcache\mp43dmod.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 527360 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 253688 c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 161792 c:\windows\system32\dllcache\cewmdm.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 19:56 . 2006-10-17 11:33 818688 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 19:56 . 2004-08-03 20:14 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 19:56 . 2004-08-03 21:56 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 19:56 . 2004-08-03 20:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 19:56 . 2004-08-03 21:56 983552 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 19:56 . 2004-08-03 21:56 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 233472 c:\windows\system32\dllcache\blackbox.dll
+ 2009-01-18 10:24 . 2009-10-11 03:17 411368 c:\windows\system32\deploytk.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 161792 c:\windows\system32\cewmdm.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 233472 c:\windows\system32\blackbox.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 141312 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 527360 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 253688 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 233472 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2009-07-14 18:28 . 2004-08-03 21:57 259072 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2009-07-14 18:28 . 2004-08-03 21:57 695296 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2009-07-14 18:28 . 2004-08-03 21:57 299520 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 286208 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 999424 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 936960 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 150016 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 290816 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 344064 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 229376 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 712704 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 221184 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 896512 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 151552 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 230400 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 670720 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 237568 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 103936 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2009-08-22 19:43 . 2004-08-10 23:45 871160 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 531192 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 773368 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 380144 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 809984 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 484864 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 759296 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 408064 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 327680 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 331776 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 114176 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 311296 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 360176 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 169472 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 161792 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 245760 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2009-07-14 18:28 . 2004-08-03 21:57 356352 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 201728 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 159232 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2010-01-31 16:07 . 2009-07-16 16:31 597674 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2008-03-06 18:44 . 2008-03-06 18:44 621056 c:\windows\Installer\ec5c8f.msi
+ 2008-03-06 19:05 . 2008-03-06 19:05 289792 c:\windows\Installer\d5b93.msi
+ 2009-11-20 11:45 . 2009-11-20 11:45 802304 c:\windows\Installer\c0597.msi
+ 2008-08-19 14:46 . 2008-08-19 14:46 360960 c:\windows\Installer\b59b52.msi
+ 2008-08-19 14:45 . 2008-08-19 14:45 289792 c:\windows\Installer\b59b4d.msi
+ 2010-03-17 11:34 . 2010-03-17 11:34 796672 c:\windows\Installer\ae6b9.msi
+ 2009-01-18 10:24 . 2009-01-18 10:24 562176 c:\windows\Installer\aca99.msi
+ 2010-01-08 13:03 . 2010-01-08 13:03 137216 c:\windows\Installer\a624bb.msi
+ 2007-12-09 13:07 . 2007-12-09 13:07 331264 c:\windows\Installer\a4717a.msi
+ 2008-02-26 18:34 . 2008-02-26 18:34 243712 c:\windows\Installer\9f352f.msi
+ 2008-02-26 18:34 . 2008-02-26 18:34 190464 c:\windows\Installer\9f3529.msi
+ 2008-01-17 11:16 . 2008-01-17 11:16 492032 c:\windows\Installer\764592.msi
+ 2009-11-24 12:14 . 2009-11-24 12:14 972800 c:\windows\Installer\72ea88.msi
+ 2008-07-02 10:30 . 2008-07-02 10:30 532992 c:\windows\Installer\61f27c.msi
+ 2008-07-22 17:20 . 2008-07-22 17:20 265216 c:\windows\Installer\601975.msi
+ 2009-09-24 21:22 . 2009-09-24 21:22 218112 c:\windows\Installer\597234.msi
+ 2009-05-22 21:07 . 2009-05-22 21:07 101376 c:\windows\Installer\566561.msi
+ 2007-08-25 10:22 . 2007-08-25 10:22 264704 c:\windows\Installer\47243.msi
+ 2007-12-05 20:20 . 2007-12-05 20:20 176640 c:\windows\Installer\312ec8.msi
+ 2009-03-04 14:09 . 2009-03-04 14:09 236032 c:\windows\Installer\3094d.msi
+ 2009-10-31 20:01 . 2009-10-31 20:01 218112 c:\windows\Installer\284539.msi
+ 2008-06-30 12:08 . 2008-06-30 12:08 864768 c:\windows\Installer\26a64c.msi
+ 2009-07-10 11:43 . 2009-07-10 11:43 774144 c:\windows\Installer\22a306.msi
+ 2008-03-24 19:47 . 2008-03-24 19:47 467456 c:\windows\Installer\1f2132.msi
+ 2009-08-11 09:43 . 2009-08-11 09:43 721408 c:\windows\Installer\1d6855.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 726528 c:\windows\Installer\198081.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 224768 c:\windows\Installer\198079.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 252928 c:\windows\Installer\198071.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 242688 c:\windows\Installer\198069.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 289280 c:\windows\Installer\198061.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 210944 c:\windows\Installer\198059.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 315392 c:\windows\Installer\198051.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 212992 c:\windows\Installer\198049.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 297472 c:\windows\Installer\198041.msi
+ 2007-12-04 11:47 . 2007-12-04 11:47 288256 c:\windows\Installer\198039.msi
+ 2009-07-25 15:50 . 2009-07-25 15:50 100352 c:\windows\Installer\1165996.msi
+ 2009-11-20 11:45 . 2009-11-20 11:45 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 16:35 . 2009-12-21 16:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:05 . 2009-12-21 18:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 16:34 . 2009-12-21 16:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 17:18 . 2009-11-09 17:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 18:02 . 2009-12-21 18:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 16:43 . 2009-12-21 16:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 17:32 . 2009-12-21 17:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2006-03-20 15:34 . 2006-03-20 15:34 484272 c:\windows\Downloaded Program Files\isusweb.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 2362104 c:\windows\system32\wmvcore.dll
+ 2004-08-10 23:45 . 2004-08-10 23:45 1509376 c:\windows\system32\WMVADVE.DLL
+ 2004-08-10 23:45 . 2004-08-10 23:45 1181944 c:\windows\system32\wmvadvd.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 1116160 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 1027072 c:\windows\system32\wmnetmgr.dll
+ 2004-07-17 08:35 . 2004-07-17 08:35 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-03 21:56 . 2004-02-22 22:00 1386496 c:\windows\system32\msvbvm60.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2004-08-03 21:57 . 2004-08-10 23:45 2362104 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 1116160 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-03 21:56 . 2004-08-10 23:45 1027072 c:\windows\system32\dllcache\wmnetmgr.dll
+ 2009-06-28 19:56 . 2004-08-03 20:18 2148352 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 19:56 . 2004-08-03 22:05 2015232 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 19:56 . 2004-08-03 21:56 1032192 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-03-15 21:41 . 2009-11-24 22:54 1280480 c:\windows\system32\aswBoot.exe
+ 2009-08-22 19:43 . 2004-08-10 23:45 2362104 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 1509376 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2009-08-22 19:43 . 2004-08-10 23:45 1116160 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 1027072 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 1001472 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2009-07-14 18:28 . 2004-08-03 21:57 2105344 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2009-07-14 18:28 . 2004-08-03 21:56 1050624 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2009-08-22 19:43 . 2004-08-10 23:45 1181944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2008-01-19 16:48 . 2008-01-19 16:48 3443712 c:\windows\Installer\cd54a8.msi
+ 2010-03-17 11:34 . 2010-03-17 11:34 9473024 c:\windows\Installer\ae6b3.msi
+ 2008-01-19 16:14 . 2008-01-19 16:14 6195200 c:\windows\Installer\a40ade.msi
+ 2008-01-19 16:14 . 2008-01-19 16:14 4606976 c:\windows\Installer\a40ad6.msi
+ 2008-01-19 16:14 . 2008-01-19 16:14 4237312 c:\windows\Installer\a40ac3.msi
+ 2008-02-01 12:34 . 2008-02-01 12:34 1067520 c:\windows\Installer\582f6.msi
+ 2007-08-25 11:40 . 2007-08-25 11:40 2109440 c:\windows\Installer\37ff6.msi
+ 2010-04-14 14:15 . 2010-04-14 14:15 3940352 c:\windows\Installer\2a144.msi
+ 2009-03-02 17:58 . 2009-03-02 17:58 1473024 c:\windows\Installer\287622.msi
+ 2009-06-11 18:41 . 2009-06-11 18:41 1549312 c:\windows\Installer\270ca4.msi
+ 2007-08-25 10:46 . 2007-08-25 10:46 6017536 c:\windows\Installer\25e02.msi
+ 2009-04-06 16:52 . 2009-04-06 16:52 3656192 c:\windows\Installer\1fc262.msi
+ 2010-04-16 10:11 . 2010-04-16 10:11 1235968 c:\windows\Installer\139658.msi
+ 2009-12-21 16:29 . 2009-12-21 16:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 18:34 . 2009-10-27 18:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 21:31 . 2009-12-21 21:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2009-07-29 14:54 . 2009-07-29 14:54 7500800 c:\windows\Downloaded Installations\{8BFEC01E-7CED-41F9-AAF4-19D9DBA7B167}\Transposer.msi
+ 2008-01-20 13:21 . 2003-11-03 23:06 2250100 c:\windows\Cache\Adobe Reader 6.0.1\ENUBIG\Adobe Reader 6.0.1.msi
+ 2005-09-23 05:48 . 2005-09-23 05:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2008-01-19 16:14 . 2008-01-19 16:14 30841856 c:\windows\Installer\a40abd.msi
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\2a1ed.msp
+ 2009-12-21 21:21 . 2009-12-21 21:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PGUNNT c:\smclpav\SMCLpav.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 16:17 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/03/09 23:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 23:41 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 20:25 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 22:43 48928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 21:44 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1006Core.job
- c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-14 16:49]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1006UA.job
- c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-14 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = hxxp://www.megaupload.com/toolbar2.0/?c=installed
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
FF - ProfilePath - c:\documents and settings\Davorin\Application Data\Mozilla\Firefox\Profiles\zw3zablm.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-syncman - c:\documents and settings\davorin\wuaucldt.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Podium_is1 - c:\program files\SketchUp\Plugins\Podium\unins000.exe
AddRemove-RealAlt_is1 - c:\program files\Real Alternative\unins000.exe
AddRemove-Tanks Evolution_is1 - c:\program files\Tanks Evolution\unins000.exe
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-22 17:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x867D71F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7620fc3
\Driver\ACPI -> ACPI.sys @ 0xf739acb8
\Driver\atapi -> prosync1.sys @ 0xf7ae46c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Attansic L2 Fast Ethernet 10/100 Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7239ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7246b21
SendHandler -> NDIS.sys @ 0xf722487b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Awast Software\Avast4\aswUpdSv.exe
c:\program files\Awast Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Awast Software\Avast4\ashMaiSv.exe
c:\program files\Awast Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\sm56hlpr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-04-22 17:17:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-22 15:17
ComboFix2.txt 2009-06-28 19:58
ComboFix3.txt 2009-03-06 17:37

Pre-Run: 1.984.520.192 bytes free
Post-Run: 6.647.533.568 bytes free

- - End Of File - - F702136EF0599B87093333A0B31E8C8E

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Otvoriti Notepad i iskopirati sledeci tekst:


DeQuarantine::
C:\Qoobox\Quarantine\C\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk.vir
Quit::



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 07 Mar 2009
  • Poruke: 33

Napisano: 22 Apr 2010 19:48

Uradio, ali mi kaze da treba da ugasim avastov real time scanner, mada je meni opet tray nedostupan. A i ne znam kako to sad ide.

Dopuna: 22 Apr 2010 21:12

C:\Qoobox\Quarantine\C\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk.vir -> C:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk ( 531 bytes )

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Kakvo je sada stanje?

offline
  • Pridružio: 07 Mar 2009
  • Poruke: 33

Napisano: 22 Apr 2010 21:19

Uspio sam da ugasim real time skener, ali na kraju mozda postoji problem da kada se nakon pokreatanja combofixa i zatim restarta racunara, kada combofix prakticno pocne skeniranje opet upali zastita avasta.
Jer svaki put kada restartujem racunar tray ikona nestane, a to znaci da je zastita aktivirana.

Dopuna: 22 Apr 2010 21:19

Aha sacekaj nisam vidio ovu poruku.

Dopuna: 22 Apr 2010 21:26

Nije bolje, ne iskacu mi prozori sa ovog XP 2010 "antivirus"-a, on me ne zeza, ali imam problema sa pokretanjem aplikacija ......nema valjda rundll32.exe, tako da vjerovatno jos dosta stvari ne stima.

Dopuna: 22 Apr 2010 21:39

I to neće dosta stvari da pokrene na administratoru dok ovdje na bratovom accountu hoće.

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Ovo sad deluje čisto i nema tragova malicioznih programa.

Ti problemi koje navodiš nisu vezani za maliciozne programe, tako da za naredna pitanja možeš otvoriti u Windows delu MyCity-ja.

Arrow http://www.mycity.rs/Windows/




Isprati još sledeće uputstvo...


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

Ko je trenutno na forumu
 

Ukupno su 1027 korisnika na forumu :: 31 registrovanih, 8 sakrivenih i 988 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bane san, bojank, Bubimir, cemix, comi_pfc, darkangel, DeerHunter, dragoljub11987, GandorCC, Georgius, Jeremiah, Koridor, ladro, laurusri, Litostroton, LUDI, Mercury, milenko crazy north, mocnijogurt, Oscar, Prašinar, predragc, Sirius, stegonosa, trajkoni018, tubular, Valter071, Vlada1389, voja64, VP6919, vukdra