system guard 2009


  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

My friend currently has no internet access, so he asked me to post the log on his behalf.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:32 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svcnost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\System Guard 2009\systemguard.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3cd53324-393a-46c3-bc63-bfa26937d35a} - C:\WINDOWS\system32\fefiyiri.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\uisaj387dd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\uisaj387dd.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jotikemeti] Rundll32.exe "C:\WINDOWS\system32\honunuzu.dll",s
O4 - HKLM\..\Run: [systemguard] C:\Program Files\System Guard 2009\systemguard.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....1857523875
O20 - AppInit_DLLs: c:\windows\system32\volosejo.dll c:\windows\system32\nugebini.dll
O20 - Winlogon Notify: decfeaaebffbf - C:\WINDOWS\system32\decfeaaebffbf.dll
O21 - SSODL: ieModule - {AD2D52FA-CF82-442D-B0FE-349CED309D3D} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {E02A11E8-7A5F-49C0-805B-DC1811376732} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\zksfqsgtlu.dll
O21 - SSODL: CrlfUsViow - {54520706-216E-4913-AB62-83C835BC7C5D} - fkmybckvbrp.dll (file missing)
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\uisaj387dd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6063 bytes

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You will do the following: download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename ComboFix to e.g. CF, copy it to a USB stick and run it on his computer.

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

ComboFix 09-02-14.01 - user 2009-02-15 18:40:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2885 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\cf.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning enabled* (Outdated)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated)
FW: ESET Personal firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\bits.dll
c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\runit
c:\program files\runit\config.txt
c:\program files\runit\runit_32.exe
c:\program files\runit\runitu_32.exe
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\decfeaaebffbf.dll
c:\windows\system32\drivers\UACdyondlha.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\honunuzu.dll
c:\windows\system32\lxuuwpla.ini
c:\windows\system32\mosoraza.dll
c:\windows\system32\olosupor.ini
c:\windows\system32\parodupa.dll
c:\windows\system32\pipibuju.dll
c:\windows\system32\QsuvGfii.ini
c:\windows\system32\QsuvGfii.ini2
c:\windows\system32\ssqPfdAt.dll
c:\windows\system32\svcnost.exe
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\UACbebiyeib.dll
c:\windows\system32\UACliqftari.log
c:\windows\system32\UACnmchxrse.log
c:\windows\system32\UACnpexnoyv.dat
c:\windows\system32\UACpfakjyxx.dll
c:\windows\system32\UACpskcpanb.dll
c:\windows\system32\UACpxtmavib.log
c:\windows\system32\UACtlrruevo.dll
c:\windows\system32\ujubipip.ini
c:\windows\system32\volosejo.dll
c:\windows\system32\winscenter.exe
c:\windows\system32\YaHOoUvw.ini
c:\windows\system32\YaHOoUvw.ini2
c:\windows\Tasks\akksmgrt.job
c:\windows\vmreg.dll

----- BITS: Possible infected sites -----

hxxp://speedytorrents.net
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 18:09 . 2009-02-15 18:09 200,208 --a------ c:\windows\system32\vumer.dll
2009-02-15 17:41 . 2009-02-15 17:41 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 17:22 . 2009-02-15 17:22 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-15 17:22 . 2009-02-15 17:22 <DIR> d-------- c:\documents and settings\user\Application Data\PC Tools
2009-02-15 17:22 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-15 17:22 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-15 17:22 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-15 17:22 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-15 17:16 . 2009-02-15 17:16 <DIR> d-------- c:\program files\System Guard 2009
2009-02-15 17:11 . 2009-02-15 17:23 51,355 --a------ c:\windows\system32\muzika.xm
2009-02-15 16:42 . 2009-02-15 18:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 14:01 . 2009-02-15 14:01 <DIR> d-------- c:\documents and settings\user\DoctorWeb
2009-02-15 13:04 . 2009-02-15 13:04 133,632 --a------ c:\windows\system32\fkmybckvbrp.dll
2009-02-14 19:58 . 2009-02-14 19:58 <DIR> d-------- c:\documents and settings\user\Application Data\Unity
2009-02-14 19:17 . 2009-02-14 19:17 <DIR> d-------- c:\program files\Unity
2009-02-14 12:23 . 2009-02-14 12:23 42,496 --a------ C:\ybdwodw.exe
2009-02-14 12:23 . 2009-02-15 18:43 0 --a------ c:\windows\system32\drivers\252f02f.sys
2009-02-14 12:21 . 2009-02-14 12:21 <DIR> d-------- c:\program files\Nobilis
2009-02-11 19:05 . 2009-02-11 19:15 <DIR> d-------- c:\program files\MagicISO
2009-02-10 19:49 . 2009-02-10 19:49 <DIR> d-------- c:\documents and settings\user\Application Data\OpenOffice.org
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\JRE
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\Common Files\Java
2009-02-10 14:47 . 2009-02-10 14:47 6,657,688 --a------ c:\windows\system32\xa700343.exe
2009-02-10 14:47 . 2009-02-10 14:47 6,657,688 --a------ c:\windows\system32\xa700093.exe
2009-02-09 20:27 . 2009-02-09 20:27 6,657,688 --a------ c:\windows\system32\xa46323859.exe
2009-02-09 20:27 . 2009-02-09 20:27 6,657,688 --a------ c:\windows\system32\xa46323562.exe
2009-02-09 17:38 . 2009-02-09 17:38 6,657,688 --a------ c:\windows\system32\xa36141843.exe
2009-02-09 17:38 . 2009-02-09 17:38 6,657,688 --a------ c:\windows\system32\xa36141593.exe
2009-02-09 14:50 . 2009-02-09 14:50 6,657,688 --a------ c:\windows\system32\xa26085796.exe
2009-02-09 14:50 . 2009-02-09 14:50 6,657,688 --a------ c:\windows\system32\xa26085546.exe
2009-02-09 13:31 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-08 17:39 . 2009-02-08 17:39 6,657,688 --a------ c:\windows\system32\xa11973531.exe
2009-02-08 17:39 . 2009-02-08 17:39 6,657,688 --a------ c:\windows\system32\xa11973234.exe
2009-02-07 19:37 . 2009-02-07 19:37 <DIR> d-------- c:\program files\mEliteSoftware
2009-02-07 19:36 . 2009-02-07 19:36 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-07 17:53 . 2009-02-07 17:53 6,657,688 --a------ c:\windows\system32\xa10277671.exe
2009-02-07 17:53 . 2009-02-07 17:53 6,657,688 --a------ c:\windows\system32\xa10277203.exe
2009-02-07 17:52 . 2009-02-07 17:52 6,657,688 --a------ c:\windows\system32\xa10221640.exe
2009-02-07 17:52 . 2009-02-07 17:52 6,657,688 --a------ c:\windows\system32\xa10221125.exe
2009-02-06 18:53 . 2009-02-06 18:53 <DIR> d-------- c:\documents and settings\user\Application Data\Leadertech
2009-02-05 11:03 . 2009-02-05 18:52 <DIR> d-------- c:\program files\PowerISO
2009-02-04 09:42 . 2009-02-04 09:42 279,712 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-04 09:42 . 2009-02-04 09:42 25,888 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-03 20:43 . 2007-03-16 18:11 675,840 -ra------ c:\windows\system32\hpowiax3.dll
2009-02-03 20:37 . 2009-02-03 22:06 142,898 --a------ c:\windows\hpoins14.dat
2009-02-03 20:37 . 2008-04-02 09:01 2,000 --------- c:\windows\hpomdl14.dat
2009-02-01 21:23 . 2009-02-10 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-01 20:53 . 2009-02-01 20:53 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2009-01-31 13:55 . 2009-01-31 13:55 <DIR> d-------- c:\program files\Atari
2009-01-30 23:33 . 2009-02-15 18:32 1,324 --a------ c:\windows\system32\d3d9caps.dat
2009-01-30 15:52 . 2009-02-11 07:30 <DIR> d-------- c:\documents and settings\user\Application Data\BitTorrent
2009-01-30 15:51 . 2009-02-05 18:52 <DIR> d-------- c:\program files\DNA
2009-01-30 15:51 . 2009-02-05 22:09 <DIR> d-------- c:\documents and settings\user\Application Data\DNA
2009-01-30 13:55 . 2009-01-30 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Pro
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-28 15:28 . 2009-01-31 13:54 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Lite
2009-01-27 18:24 . 2009-01-27 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-27 18:14 . 2009-01-27 18:14 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-26 20:13 . 2009-02-05 18:52 <DIR> d-------- c:\documents and settings\user\Application Data\Xfire
2009-01-25 18:25 . 2009-01-25 18:25 <DIR> d-------- c:\documents and settings\user\Application Data\AdobeUM
2009-01-25 18:24 . 2009-01-25 18:24 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-25 11:53 . 2009-01-25 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\The Learning Company
2009-01-25 11:53 . 2002-06-13 09:09 274,432 --a------ c:\windows\TLCUninstall.exe
2009-01-25 11:52 . 2009-01-25 11:52 0 --a------ c:\windows\SETUP32.INI
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d-------- c:\program files\The Learning Company
2009-01-24 22:37 . 2009-01-24 22:37 <DIR> d-------- c:\windows\system32\bits
2009-01-24 22:36 . 2009-01-24 22:38 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-24 22:36 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-01-24 22:34 . 2006-12-29 00:31 19,569 --a------ c:\windows\003450_.tmp
2009-01-24 22:21 . 2009-01-24 22:21 <DIR> d-------- C:\ASDASD
2009-01-24 19:40 . 2009-01-24 19:40 <DIR> d-------- c:\program files\Alwil Software
2009-01-24 19:29 . 2009-02-14 12:24 2,145,386,496 --a------ c:\windows\MEMORY.DMP
2009-01-24 19:14 . 2009-01-24 19:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-24 18:52 . 2008-04-14 05:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-24 18:49 . 2001-08-23 11:30 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-24 18:48 . 2004-08-03 22:29 44,544 --a------ c:\windows\system32\tscupgrd.exe
2009-01-24 18:48 . 2004-08-03 22:29 44,544 --a--c--- c:\windows\system32\dllcache\tscupgrd.exe
2009-01-24 18:42 . 2008-04-14 05:42 28,672 --a------ c:\windows\system32\vidcap.ax
2009-01-24 07:45 . 2009-01-24 07:45 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 02:18 . 2009-01-23 02:18 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-22 12:30 . 2009-01-22 12:30 <DIR> d-------- c:\program files\aquaplay
2009-01-22 12:30 . 2009-01-22 12:30 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-01-22 12:18 . 2009-02-14 12:23 2 --a------ C:\1087123376
2009-01-22 10:23 . 2009-01-22 10:23 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-21 21:55 . 2009-01-21 21:55 <DIR> d-------- c:\program files\Common Files\DirectX
2009-01-21 20:22 . 2009-02-10 20:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-21 20:22 . 2009-01-21 20:22 1,409 --a------ c:\windows\QTFont.for
2009-01-21 20:14 . 2009-01-21 20:14 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-21 20:13 . 2009-01-21 20:13 <DIR> d-------- c:\windows\system32\xlive
2009-01-21 20:13 . 2009-01-22 11:17 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-21 20:13 . 2009-01-22 12:14 77,081 --a------ c:\windows\setupapi.old
2009-01-21 19:53 . 2009-01-30 13:54 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-21 19:52 . 2009-01-21 19:52 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-21 19:52 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-21 12:28 . 2009-01-21 12:28 <DIR> d-------- c:\program files\Testovi Srpski
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\user\Application Data\Yahoo!
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-20 18:13 . 2009-01-20 18:14 <DIR> d-------- c:\program files\Yahoo!
2009-01-20 16:30 . 2009-02-11 19:58 <DIR> d-------- c:\program files\McDonaldsDragons
2009-01-20 11:25 . 2009-01-20 11:25 <DIR> d-------- c:\windows\Sun
2009-01-20 05:39 . 2009-01-20 05:39 23 --a------ c:\windows\BlendSettings.ini
2009-01-20 01:11 . 2009-01-20 01:11 <DIR> d-------- C:\EmergencyUtils
2009-01-20 00:51 . 2009-01-20 00:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-01-20 00:25 . 2009-01-20 00:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-01-19 23:34 . 2009-01-19 23:34 <DIR> d-------- c:\documents and settings\user\Application Data\CyberLink
2009-01-19 09:16 . 2009-01-19 09:16 0 --a------ c:\windows\hpqEmlSz.INI
2009-01-19 09:14 . 2009-01-19 09:14 <DIR> d-------- c:\documents and settings\user\Application Data\HP
2009-01-19 03:36 . 2009-01-19 03:36 <DIR> d-------- c:\documents and settings\user\Application Data\Microsoft Games
2009-01-17 23:56 . 2009-01-17 23:56 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-01-17 23:46 . 2009-01-17 23:46 <DIR> d--hs---- C:\Boot
2009-01-17 23:46 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2009-01-17 23:46 . 2009-01-17 23:46 8,192 -ra-s---- C:\BOOTSECT.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 13:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 18:54 --------- d-----w c:\program files\MSBuild
2009-02-01 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-28 14:28 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-24 21:46 159,744 ----a-w c:\windows\system32\NEROCHECK.EXE
2009-01-24 21:44 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-01-24 21:44 --------- d-----w c:\program files\Opera
2009-01-24 21:30 472,576 ----a-w C:\dxsetup.exe
2009-01-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2009-01-22 10:32 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-22 10:32 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-20 22:10 --------- d-----w c:\program files\Ubisoft
2009-01-20 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-01-19 08:12 --------- d-----w c:\program files\ATI Technologies
2009-01-18 23:42 --------- d-----w c:\program files\QuickTime
2009-01-17 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-15 09:12 --------- d-----w c:\program files\Gigabyte
2009-01-14 15:27 --------- d-----w c:\documents and settings\user\Application Data\InstallShield
2009-01-14 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 15:03 --------- d-----w c:\documents and settings\user\Application Data\Ulead Systems
2009-01-14 15:00 --------- d-----w c:\program files\SmartSound Software
2009-01-14 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-14 14:59 --------- d-----w c:\program files\Windows Media Components
2009-01-14 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-01-14 14:58 --------- d-----w c:\program files\Ulead Systems
2009-01-14 14:58 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-14 14:58 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 14:40 --------- d-----w c:\program files\WinFast
2009-01-14 14:15 --------- d-----w c:\program files\Realtek
2009-01-13 16:17 --------- d-----w c:\program files\Foxit Software
2009-01-13 16:00 --------- d-----w c:\program files\Futuremark
2009-01-13 15:24 --------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2009-01-13 14:32 --------- d-----w c:\program files\Ahead
2009-01-13 14:32 --------- d-----w c:\documents and settings\user\Application Data\ACD Systems
2009-01-13 14:31 --------- d-----w c:\program files\Common Files\Ahead
2009-01-13 14:30 --------- d-----w c:\program files\Winamp
2009-01-13 14:30 --------- d-----w c:\documents and settings\user\Application Data\Winamp
2009-01-13 14:29 --------- d-----w c:\program files\CyberLink
2009-01-13 14:29 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w c:\program files\Webteh
2009-01-13 14:28 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-13 14:28 --------- d-----w c:\program files\ACD Systems
2009-01-13 14:28 --------- d-----w c:\documents and settings\user\Application Data\BSplayer Pro
2009-01-13 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-13 14:27 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-13 14:15 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-13 14:07 315,392 ----a-w c:\windows\HideWin.exe
2009-01-13 14:04 --------- d-----w c:\program files\Intel
2009-01-13 14:04 --------- d-----w c:\program files\Browser Configuration Utility
2009-01-13 13:59 --------- d-----w c:\program files\microsoft frontpage
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ----a-w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}"= "c:\windows\system32\dvmurl.dll" [2008-05-02 146528]

[HKEY_CLASSES_ROOT\clsid\{0063bf63-bfff-4b8f-9d26-4267df7f17dd}]
[HKEY_CLASSES_ROOT\dvmurl.DvmIEGoogleSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
2009-02-15 18:09 200208 --a------ c:\windows\system32\vumer.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-24 2850816]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"systemguard"="c:\program files\System Guard 2009\systemguard.exe" [2009-02-15 1007104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 05:41 625664 c:\windows\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^p2pmax.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\p2pmax.lnk
backup=c:\windows\pss\p2pmax.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-30 15:51 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a------ 2009-01-24 22:32 133104 c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2009-01-24 22:42 151552 c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2009-01-24 22:46 159744 c:\windows\system32\NEROCHECK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-24 22:44 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
--a------ 2009-01-24 22:45 111856 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-24 22:43 239000 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemguard]
--a------ 2009-02-15 17:16 1007104 c:\program files\System Guard 2009\systemguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2009-01-24 22:45 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
--a------ 2009-01-24 22:45 126976 c:\program files\Yahoo!\Common\YMailAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2009-01-24 22:45 111856 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2008-06-19 09:42 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2008-06-27 04:23 16875008 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2008-06-18 11:01 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"YahooAUService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GEST Service"=2 (0x2)
"FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe"=2 (0x2)
"FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe"=2 (0x2)
"FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe"=2 (0x2)
"ES lite Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Codemasters\\Rise of the Argonauts\\Binaries\\RiseOfTheArgonauts.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Gigabyte\\EnergySaver\\GSvr.exe"=
"c:\\Program Files\\Gigabyte\\EasySaver\\ESSVR.EXE"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DTVSchdl.exe"=
"d:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\HP\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\WFWIZ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FAH.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"d:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"d:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\cf\\NirCmd.cfexe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2009-01-14 9446]
S1 c0392aa0;c0392aa0;c:\windows\system32\drivers\c0392aa0.sys --> c:\windows\system32\drivers\c0392aa0.sys [?]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\OXG2.tmp --> c:\docume~1\user\LOCALS~1\Temp\OXG2.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-15 356920]
S4 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-01-13 73728]
S4 FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe;FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe;d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart --> d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart [?]
S4 FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe;FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe;d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart --> d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart [?]
S4 FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;d:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart --> d:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart [?]
S4 GEST Service;GEST Service for program management.;c:\program files\Gigabyte\EnergySaver\GSvr.exe [2009-01-14 80392]
S4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\install\command - F:\setup.exe
\Shell\install1\command - DirectX\DXSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\FrameworkCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c5d6b2-f125-11dd-a120-001fd09550d2}]
\ShelL\AutoPlay\command - kelbn.pif
\ShelL\AutoRun\command - kelbn.pif
\ShelL\eXpLOre\CoMmAnd - kelbn.pif
\ShelL\open\CoMMand - kelbn.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c5d6b3-f125-11dd-a120-001fd09550d2}]
\Shell\AuTOplay\command - H:\dioomk.cmd
\Shell\AutoRun\command - H:\dioomk.cmd
\Shell\expLore\commaND - H:\dioomk.cmd
\Shell\open\CommaNd - H:\dioomk.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1343024091-1801674531-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-24 22:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3cd53324-393a-46c3-bc63-bfa26937d35a} - c:\windows\system32\fefiyiri.dll
BHO-{D5BF4552-94F1-42BD-F434-3604812C807D} - c:\windows\system32\uisaj387dd.dll
SharedTaskScheduler-{D5BF4552-94F1-42BD-F434-3604812C807D} - c:\windows\system32\uisaj387dd.dll
SSODL-CrlfUsViow-{54520706-216E-4913-AB62-83C835BC7C5D} - fkmybckvbrp.dll
MSConfigStartUp-40cc2f1f - c:\windows\system32\pipibuju.dll
MSConfigStartUp-cpm43ff1c83 - c:\windows\system32\nugebini.dll
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-jotikemeti - c:\windows\system32\honunuzu.dll
MSConfigStartUp-lrijh8s73jhbfgfd - c:\docume~1\user\LOCALS~1\Temp\winlognn.exe
MSConfigStartUp-svchost - c:\windows\system32\svcnost.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:42:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\de519eedcadabdc57adab544994d0f00.sys 39936 bytes executable
c:\windows\system32\_de519eedcadabdc57adab544994d0f00.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe]
"ImagePath"="d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe]
"ImagePath"="d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\de519eedcadabdc57adab544994d0f00]
"ImagePath"="system32\de519eedcadabdc57adab544994d0f00.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\OXG2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\252f02f]
"ImagePath"="\SystemRoot\System32\drivers\252f02f.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-484763869-1343024091-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,0a,15,9a,2e,75,6d,6a,55,60,f6,e5,85,cf,3f,f9,11,f6,d1,91,87,af,2c,
2d,41,ca,90,45,b6,23,39,e0,c5,3b,7c,9b,0f,42,ed,e8,5d,39,0c,48,90,f7,34,6e,\
"??"=hex:77,4f,82,e5,3a,6e,27,31,e7,f6,21,c9,c7,9b,a8,1a

[HKEY_USERS\s-1-5-21-484763869-1343024091-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e6,ee,3b,5c,4d,8e,ab,04,51,e1,62,61,81,06,cf,62,e7,cd,32,4a,dd,
c0,41,d5,7f,00,68,11,cc,81,a8,fd,01,6a,a3,47,f5,68,eb,3b,09,f1,ce,9c,96,60,\
"rkeysecu"=hex:7c,75,f1,77,63,d6,c5,55,fe,a2,c8,50,3e,96,16,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-02-15 18:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 17:44:35
ComboFix2.txt 2009-01-24 18:09:27

Pre-Run: 21,973,716,992 bytes free
Post-Run: 22,328,406,016 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=5 Sets=1,2,3,4,5,6,7
534
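The registry and process sections of the log above carry the usual signs of a rogue-antivirus infection that a defender would look for first: the Security Center notification values switched on (which silences the "no antivirus / no updates" warnings), the standard-profile firewall policy set to EnableFirewall=0, MountPoints2 autorun commands with randomised letter case pointing at .pif and .cmd payloads, and a running process one letter away from svchost.exe. The Python script below is an added example (not part of this thread, of ComboFix or of HijackThis) that runs those checks over constructed sample lines in the same layout; the sample values, the {guid-1}/{guid-2} placeholders and the KNOWN_SYSTEM_NAMES list are assumptions, and the checks are triage heuristics, not verdicts (a legitimate installer entry such as a relative DirectX setup path would also be flagged).

```python
"""Triage checks over ComboFix-style log lines.

Added example for this thread; it is not part of ComboFix or of the
original posts.  The sample lines below are constructed to mirror the
formats in the log above, with values chosen to trigger each check.
"""
import ntpath
import re

# Constructed sample: Security Center values, firewall policy and
# MountPoints2 autorun entries in the layout ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid-1}]
\ShelL\AutoPlay\command - kelbn.pif
\ShelL\eXpLOre\CoMmAnd - kelbn.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid-2}]
\Shell\AuTOplay\command - H:\dioomk.cmd
\Shell\open\CommaNd - H:\dioomk.cmd
"""

# Constructed process list; the second name is one letter off svchost.exe.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svcnost.exe",
    r"C:\WINDOWS\system32\lsass.exe",
]

# Assumed reference list of core Windows XP binaries worth impersonating.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                      "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}
# Security Center values that, when non-zero, suppress the user's warnings.
NOTIFY_KEYS = {"AntiVirusDisableNotify", "UpdatesDisableNotify",
               "FirewallDisableNotify", "AntiVirusOverride", "FirewallOverride"}
SCRIPT_EXTENSIONS = {".pif", ".cmd", ".bat", ".scr", ".com", ".vbs"}
AUTORUN_VERBS = {"autorun", "autoplay", "open", "explore", "install", "install1"}

_DWORD = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
_FIREWALL = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
_AUTORUN = re.compile(r'^\\([^\\]+)\\([^\\]+)\\([^\\]+)\s+-\s+(.+?)\s*$')


def _sections(text):
    """Yield (registry key, value line) pairs, tracking the current [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line and key is not None:
            yield key, line


def security_center_findings(text):
    """Names of Security Center notify/override values that are set (non-zero)."""
    found = []
    for key, line in _sections(text):
        m = _DWORD.match(line)
        if (m and key.lower().endswith("security center")
                and m.group(1) in NOTIFY_KEYS and int(m.group(2), 16) != 0):
            found.append(m.group(1))
    return found


def firewall_disabled(text):
    """True when the standard-profile policy says EnableFirewall=0."""
    for key, line in _sections(text):
        m = _FIREWALL.match(line)
        if m and "firewallpolicy" in key.lower():
            return m.group(1) == "0"
    return False


def _canonical(verb):
    """Accept the spellings installers actually write; odd mixed case is a worm tell."""
    return (verb.lower() in AUTORUN_VERBS
            and verb in (verb.lower(), verb.capitalize(), "AutoRun", "AutoPlay"))


def suspicious_autoruns(text):
    """MountPoints2 commands with worm-like traits: mangled case, a
    script/PIF payload, or a payload path relative to the drive root."""
    hits = []
    for key, line in _sections(text):
        m = _AUTORUN.match(line)
        if "mountpoints2" not in key.lower() or not m:
            continue
        shell, verb, cmd, target = m.groups()
        reasons = []
        if shell != "Shell" or cmd != "command" or not _canonical(verb):
            reasons.append("case-mangled verb")
        if ntpath.splitext(target)[1].lower() in SCRIPT_EXTENSIONS:
            reasons.append("script payload")
        if not re.match(r"^[A-Za-z]:\\", target):
            reasons.append("relative payload path")
        if reasons:
            hits.append({"key": key, "entry": line, "reasons": reasons})
    return hits


def _edit_distance(a, b):
    """Plain Levenshtein distance; inputs are short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_processes(paths, known=KNOWN_SYSTEM_NAMES):
    """(name, mimicked name) for process names one edit away from a known binary."""
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()
        if name in known:
            continue
        for real in sorted(known):
            if _edit_distance(name, real) == 1:
                hits.append((name, real))
                break
    return hits


def triage(text, processes):
    """Collect every finding into one report dict."""
    return {"notifications_suppressed": security_center_findings(text),
            "firewall_disabled": firewall_disabled(text),
            "autorun_entries": suspicious_autoruns(text),
            "lookalike_processes": lookalike_processes(processes)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG, SAMPLE_PROCESSES), indent=2))
```

Run it as-is to see the report for the constructed sample, or pass a real ComboFix log's text and its "Running processes" list to `triage()`. Registry lookups are case-insensitive, so the mangled `ShelL`/`CoMmAnd` spellings work exactly like the normal ones for Windows; the only reason to randomise them is to slip past naive string matching, which is why the example treats non-standard case as a finding in its own right.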

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Before we continue, have him remove Eset or Avast, so that running the script does not cause chaos....

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Where you live: Zemun

He removed NOD

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

He must make sure to turn off Avast....

Open Notepad and copy the following text:

File::
c:\windows\system32\vumer.dll
c:\windows\system32\fkmybckvbrp.dll
C:\ybdwodw.exe
c:\windows\system32\drivers\c0392aa0.sys
c:\windows\system32\drivers\252f02f.sys

Folder::
c:\program files\System Guard 2009
c:\program files\aquaplay

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"systemguard"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemguard]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c5d6b2-f125-11dd-a120-001fd09550d2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c5d6b3-f125-11dd-a120-001fd09550d2}]

Rootkit::
c:\windows\system32\de519eedcadabdc57adab544994d0f00.sys
c:\windows\system32\_de519eedcadabdc57adab544994d0f00.sys_.vir

Driver::
c0392aa0
252f02f
de519eedcadabdc57adab544994d0f00


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in the next message the log that is produced at the end of the cleaning/scan.

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Where you live: Zemun

ComboFix 09-02-14.01 - user 2009-02-15 22:21:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2800 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\cf.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning enabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\252f02f.sys
c:\windows\system32\drivers\c0392aa0.sys
c:\windows\system32\fkmybckvbrp.dll
c:\windows\system32\vumer.dll
C:\ybdwodw.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\aquaplay
c:\program files\aquaplay\Uninstall.exe
c:\program files\System Guard 2009
c:\program files\System Guard 2009\conf.cfg
c:\program files\System Guard 2009\mbase.vdb
c:\program files\System Guard 2009\quarantine.vdb
c:\program files\System Guard 2009\queue.vdb
c:\program files\System Guard 2009\systemguard.exe
c:\program files\System Guard 2009\uninstall.exe
c:\program files\System Guard 2009\vbase.vdb
c:\windows\system32\_de519eedcadabdc57adab544994d0f00.sys_.vir
c:\windows\system32\drivers\252f02f.sys
c:\windows\system32\fkmybckvbrp.dll
c:\windows\system32\vumer.dll
C:\ybdwodw.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DE519EEDCADABDC57ADAB544994D0F00
-------\Service_252f02f
-------\Service_c0392aa0


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 19:15 . 2008-07-01 09:04 30,728 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-02-15 17:41 . 2009-02-15 17:41 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 17:22 . 2009-02-15 17:22 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-15 17:22 . 2009-02-15 17:22 <DIR> d-------- c:\documents and settings\user\Application Data\PC Tools
2009-02-15 17:22 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-15 17:22 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-15 17:22 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-15 17:22 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-15 17:11 . 2009-02-15 17:23 51,355 --a------ c:\windows\system32\muzika.xm
2009-02-15 16:42 . 2009-02-15 18:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 14:01 . 2009-02-15 14:01 <DIR> d-------- c:\documents and settings\user\DoctorWeb
2009-02-14 19:58 . 2009-02-14 19:58 <DIR> d-------- c:\documents and settings\user\Application Data\Unity
2009-02-14 19:17 . 2009-02-14 19:17 <DIR> d-------- c:\program files\Unity
2009-02-14 12:21 . 2009-02-14 12:21 <DIR> d-------- c:\program files\Nobilis
2009-02-11 19:05 . 2009-02-11 19:15 <DIR> d-------- c:\program files\MagicISO
2009-02-10 19:49 . 2009-02-10 19:49 <DIR> d-------- c:\documents and settings\user\Application Data\OpenOffice.org
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\JRE
2009-02-10 19:48 . 2009-02-10 19:48 <DIR> d-------- c:\program files\Common Files\Java
2009-02-10 14:47 . 2009-02-10 14:47 6,657,688 --a------ c:\windows\system32\xa700343.exe
2009-02-10 14:47 . 2009-02-10 14:47 6,657,688 --a------ c:\windows\system32\xa700093.exe
2009-02-09 20:27 . 2009-02-09 20:27 6,657,688 --a------ c:\windows\system32\xa46323859.exe
2009-02-09 20:27 . 2009-02-09 20:27 6,657,688 --a------ c:\windows\system32\xa46323562.exe
2009-02-09 17:38 . 2009-02-09 17:38 6,657,688 --a------ c:\windows\system32\xa36141843.exe
2009-02-09 17:38 . 2009-02-09 17:38 6,657,688 --a------ c:\windows\system32\xa36141593.exe
2009-02-09 14:50 . 2009-02-09 14:50 6,657,688 --a------ c:\windows\system32\xa26085796.exe
2009-02-09 14:50 . 2009-02-09 14:50 6,657,688 --a------ c:\windows\system32\xa26085546.exe
2009-02-09 13:31 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-08 17:39 . 2009-02-08 17:39 6,657,688 --a------ c:\windows\system32\xa11973531.exe
2009-02-08 17:39 . 2009-02-08 17:39 6,657,688 --a------ c:\windows\system32\xa11973234.exe
2009-02-07 19:37 . 2009-02-07 19:37 <DIR> d-------- c:\program files\mEliteSoftware
2009-02-07 19:36 . 2009-02-07 19:36 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-07 17:53 . 2009-02-07 17:53 6,657,688 --a------ c:\windows\system32\xa10277671.exe
2009-02-07 17:53 . 2009-02-07 17:53 6,657,688 --a------ c:\windows\system32\xa10277203.exe
2009-02-07 17:52 . 2009-02-07 17:52 6,657,688 --a------ c:\windows\system32\xa10221640.exe
2009-02-07 17:52 . 2009-02-07 17:52 6,657,688 --a------ c:\windows\system32\xa10221125.exe
2009-02-06 18:53 . 2009-02-06 18:53 <DIR> d-------- c:\documents and settings\user\Application Data\Leadertech
2009-02-05 11:03 . 2009-02-05 18:52 <DIR> d-------- c:\program files\PowerISO
2009-02-04 09:42 . 2009-02-04 09:42 279,712 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-04 09:42 . 2009-02-04 09:42 25,888 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-03 20:44 . 2009-02-03 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-03 20:43 . 2007-03-16 18:11 675,840 -ra------ c:\windows\system32\hpowiax3.dll
2009-02-03 20:37 . 2009-02-03 22:06 142,898 --a------ c:\windows\hpoins14.dat
2009-02-03 20:37 . 2008-04-02 09:01 2,000 --------- c:\windows\hpomdl14.dat
2009-02-01 21:23 . 2009-02-10 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-01 20:53 . 2009-02-01 20:53 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2009-01-31 13:55 . 2009-01-31 13:55 <DIR> d-------- c:\program files\Atari
2009-01-30 23:33 . 2009-02-15 18:32 1,324 --a------ c:\windows\system32\d3d9caps.dat
2009-01-30 15:52 . 2009-02-11 07:30 <DIR> d-------- c:\documents and settings\user\Application Data\BitTorrent
2009-01-30 15:51 . 2009-02-05 18:52 <DIR> d-------- c:\program files\DNA
2009-01-30 15:51 . 2009-02-05 22:09 <DIR> d-------- c:\documents and settings\user\Application Data\DNA
2009-01-30 13:55 . 2009-01-30 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Pro
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools
2009-01-28 15:39 . 2009-01-28 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-28 15:28 . 2009-01-31 13:54 <DIR> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Lite
2009-01-27 18:24 . 2009-01-27 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-27 18:14 . 2009-01-27 18:14 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-26 20:13 . 2009-02-05 18:52 <DIR> d-------- c:\documents and settings\user\Application Data\Xfire
2009-01-25 18:25 . 2009-01-25 18:25 <DIR> d-------- c:\documents and settings\user\Application Data\AdobeUM
2009-01-25 18:24 . 2009-01-25 18:24 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-25 11:53 . 2009-01-25 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\The Learning Company
2009-01-25 11:53 . 2002-06-13 09:09 274,432 --a------ c:\windows\TLCUninstall.exe
2009-01-25 11:52 . 2009-01-25 11:52 0 --a------ c:\windows\SETUP32.INI
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d-------- c:\program files\The Learning Company
2009-01-24 22:37 . 2009-01-24 22:37 <DIR> d-------- c:\windows\system32\bits
2009-01-24 22:36 . 2009-01-24 22:38 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-24 22:36 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-01-24 22:34 . 2006-12-29 00:31 19,569 --a------ c:\windows\003450_.tmp
2009-01-24 22:21 . 2009-01-24 22:21 <DIR> d-------- C:\ASDASD
2009-01-24 19:40 . 2009-01-24 19:40 <DIR> d-------- c:\program files\Alwil Software
2009-01-24 19:29 . 2009-02-14 12:24 2,145,386,496 --a------ c:\windows\MEMORY.DMP
2009-01-24 19:14 . 2009-01-24 19:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-24 18:52 . 2008-04-14 05:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-24 18:50 . 2009-01-24 18:50 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-24 18:49 . 2001-08-23 11:30 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-24 18:48 . 2004-08-03 22:29 44,544 --a------ c:\windows\system32\tscupgrd.exe
2009-01-24 18:48 . 2004-08-03 22:29 44,544 --a--c--- c:\windows\system32\dllcache\tscupgrd.exe
2009-01-24 18:42 . 2008-04-14 05:42 28,672 --a------ c:\windows\system32\vidcap.ax
2009-01-24 07:45 . 2009-01-24 07:45 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 02:18 . 2009-01-23 02:18 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-22 12:30 . 2009-01-22 12:30 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-01-22 12:18 . 2009-02-14 12:23 2 --a------ C:\1087123376
2009-01-22 10:23 . 2009-01-22 10:23 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-21 21:55 . 2009-01-21 21:55 <DIR> d-------- c:\program files\Common Files\DirectX
2009-01-21 20:22 . 2009-02-10 20:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-21 20:22 . 2009-01-21 20:22 1,409 --a------ c:\windows\QTFont.for
2009-01-21 20:14 . 2009-01-21 20:14 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-21 20:13 . 2009-01-21 20:13 <DIR> d-------- c:\windows\system32\xlive
2009-01-21 20:13 . 2009-01-22 11:17 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-21 20:13 . 2009-01-22 12:14 77,081 --a------ c:\windows\setupapi.old
2009-01-21 19:53 . 2009-01-30 13:54 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-21 19:52 . 2009-01-21 19:52 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-21 19:52 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-21 12:28 . 2009-01-21 12:28 <DIR> d-------- c:\program files\Testovi Srpski
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\user\Application Data\Yahoo!
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-20 18:14 . 2009-01-20 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-20 18:13 . 2009-01-20 18:14 <DIR> d-------- c:\program files\Yahoo!
2009-01-20 16:30 . 2009-02-11 19:58 <DIR> d-------- c:\program files\McDonaldsDragons
2009-01-20 11:25 . 2009-01-20 11:25 <DIR> d-------- c:\windows\Sun
2009-01-20 05:39 . 2009-01-20 05:39 23 --a------ c:\windows\BlendSettings.ini
2009-01-20 01:11 . 2009-01-20 01:11 <DIR> d-------- C:\EmergencyUtils
2009-01-20 00:51 . 2009-01-20 00:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-01-20 00:25 . 2009-01-20 00:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-01-19 23:34 . 2009-01-19 23:34 <DIR> d-------- c:\documents and settings\user\Application Data\CyberLink
2009-01-19 09:16 . 2009-01-19 09:16 0 --a------ c:\windows\hpqEmlSz.INI
2009-01-19 09:14 . 2009-01-19 09:14 <DIR> d-------- c:\documents and settings\user\Application Data\HP
2009-01-19 03:36 . 2009-01-19 03:36 <DIR> d-------- c:\documents and settings\user\Application Data\Microsoft Games
2009-01-17 23:56 . 2009-01-17 23:56 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-01-17 23:46 . 2009-01-17 23:46 <DIR> d--hs---- C:\Boot
2009-01-17 23:46 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2009-01-17 23:46 . 2009-01-17 23:46 8,192 -ra-s---- C:\BOOTSECT.BAK
2009-01-17 14:42 . 2009-01-17 14:42 <DIR> d-------- c:\documents and settings\user\Application Data\ESET
2009-01-17 14:22 . 2009-01-17 14:22 1,905 --a------ c:\windows\diagwrn.xml
2009-01-17 14:22 . 2009-01-17 14:22 1,905 --a------ c:\windows\diagerr.xml
2009-01-17 14:20 . 2009-01-17 14:20 <DIR> d-------- c:\documents and settings\user\Application Data\Ubisoft
2009-01-17 13:37 . 2009-01-17 13:37 <DIR> d-------- c:\documents and settings\user\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 13:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 18:54 --------- d-----w c:\program files\MSBuild
2009-02-01 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-28 14:28 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-24 21:44 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-01-24 21:44 --------- d-----w c:\program files\Opera
2009-01-24 21:30 472,576 ----a-w C:\dxsetup.exe
2009-01-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2009-01-20 22:10 --------- d-----w c:\program files\Ubisoft
2009-01-20 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-01-19 08:12 --------- d-----w c:\program files\ATI Technologies
2009-01-18 23:42 --------- d-----w c:\program files\QuickTime
2009-01-17 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-15 09:12 --------- d-----w c:\program files\Gigabyte
2009-01-14 15:27 --------- d-----w c:\documents and settings\user\Application Data\InstallShield
2009-01-14 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 15:03 --------- d-----w c:\documents and settings\user\Application Data\Ulead Systems
2009-01-14 15:00 --------- d-----w c:\program files\SmartSound Software
2009-01-14 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-14 14:59 --------- d-----w c:\program files\Windows Media Components
2009-01-14 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-01-14 14:58 --------- d-----w c:\program files\Ulead Systems
2009-01-14 14:58 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-14 14:58 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 14:40 --------- d-----w c:\program files\WinFast
2009-01-14 14:15 --------- d-----w c:\program files\Realtek
2009-01-13 16:17 --------- d-----w c:\program files\Foxit Software
2009-01-13 16:00 --------- d-----w c:\program files\Futuremark
2009-01-13 15:24 --------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2009-01-13 14:32 --------- d-----w c:\program files\Ahead
2009-01-13 14:32 --------- d-----w c:\documents and settings\user\Application Data\ACD Systems
2009-01-13 14:31 --------- d-----w c:\program files\Common Files\Ahead
2009-01-13 14:30 --------- d-----w c:\program files\Winamp
2009-01-13 14:30 --------- d-----w c:\documents and settings\user\Application Data\Winamp
2009-01-13 14:29 --------- d-----w c:\program files\CyberLink
2009-01-13 14:29 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w c:\program files\Webteh
2009-01-13 14:28 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-13 14:28 --------- d-----w c:\program files\ACD Systems
2009-01-13 14:28 --------- d-----w c:\documents and settings\user\Application Data\BSplayer Pro
2009-01-13 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-13 14:27 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-13 14:15 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-13 14:07 315,392 ----a-w c:\windows\HideWin.exe
2009-01-13 14:04 --------- d-----w c:\program files\Intel
2009-01-13 14:04 --------- d-----w c:\program files\Browser Configuration Utility
2009-01-13 13:59 --------- d-----w c:\program files\microsoft frontpage
2008-11-27 04:45 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-11-27 04:45 769,024 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-11-27 04:45 6,656 ----a-w c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2008-11-27 04:45 39,424 ----a-w c:\windows\AppPatch\AcAdProc.dll
2008-11-27 04:45 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-11-27 04:45 21,504 ----a-w c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2008-11-27 04:45 16,535 ----a-r c:\windows\SET8.tmp
2008-11-27 04:45 1,296,669 ----a-r c:\windows\SET3.tmp
2008-11-27 04:45 1,088,840 ----a-r c:\windows\SET4.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_18.44.11.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 21:24:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_788.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}"= "c:\windows\system32\dvmurl.dll" [2008-05-02 146528]

[HKEY_CLASSES_ROOT\clsid\{0063bf63-bfff-4b8f-9d26-4267df7f17dd}]
[HKEY_CLASSES_ROOT\dvmurl.DvmIEGoogleSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-24 2850816]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 05:41 625664 c:\windows\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^p2pmax.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\p2pmax.lnk
backup=c:\windows\pss\p2pmax.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-30 15:51 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a------ 2009-01-24 22:32 133104 c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2009-01-24 22:42 151552 c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2009-01-24 22:46 159744 c:\windows\system32\NEROCHECK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-24 22:44 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
--a------ 2009-01-24 22:45 111856 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-24 22:43 239000 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2009-01-24 22:45 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
--a------ 2009-01-24 22:45 126976 c:\program files\Yahoo!\Common\YMailAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2009-01-24 22:45 111856 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2008-06-19 09:42 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2008-06-27 04:23 16875008 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2008-06-18 11:01 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"YahooAUService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GEST Service"=2 (0x2)
"FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe"=2 (0x2)
"FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe"=2 (0x2)
"FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe"=2 (0x2)
"ES lite Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Codemasters\\Rise of the Argonauts\\Binaries\\RiseOfTheArgonauts.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Gigabyte\\EnergySaver\\GSvr.exe"=
"c:\\Program Files\\Gigabyte\\EasySaver\\ESSVR.EXE"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DTVSchdl.exe"=
"d:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\HP\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\WFWIZ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FAH.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"d:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"d:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\cf\\NirCmd.cfexe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2009-01-14 9446]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\YDQ2.tmp --> c:\docume~1\user\LOCALS~1\Temp\YDQ2.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-15 356920]
S4 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-01-13 73728]
S4 FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe;FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe;d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart --> d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart [?]
S4 FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe;FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe;d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart --> d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart [?]
S4 FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;d:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart --> d:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart [?]
S4 GEST Service;GEST Service for program management.;c:\program files\Gigabyte\EnergySaver\GSvr.exe [2009-01-14 80392]
S4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\install\command - F:\setup.exe
\Shell\install1\command - DirectX\DXSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\FrameworkCheck.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1343024091-1801674531-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-24 22:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 22:24:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\controlset005\Services\FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+FAH.exe]
"ImagePath"="d:\program files\Deep Silver\Sacred 2 - Fallen Angel\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\controlset005\Services\FAH@D:+Program Files+Deep Silver+Sacred 2 - Fallen Angel+system+FAH.exe]
"ImagePath"="d:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\controlset005\Services\FAH@D:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe]

[HKEY_LOCAL_MACHINE\System\controlset005\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\YDQ2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1343024091-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,0a,15,9a,2e,75,6d,6a,55,60,f6,e5,85,cf,3f,f9,11,f6,d1,91,87,af,2c,
2d,41,ca,90,45,b6,23,39,e0,c5,3b,7c,9b,0f,42,ed,e8,5d,39,0c,48,90,f7,34,6e,\
"??"=hex:77,4f,82,e5,3a,6e,27,31,e7,f6,21,c9,c7,9b,a8,1a

[HKEY_USERS\S-1-5-21-484763869-1343024091-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e6,ee,3b,5c,4d,8e,ab,04,51,e1,62,61,81,06,cf,62,e7,cd,32,4a,dd,
c0,41,d5,7f,00,68,11,cc,81,a8,fd,01,6a,a3,47,f5,68,eb,3b,09,f1,ce,9c,96,60,\
"rkeysecu"=hex:7c,75,f1,77,63,d6,c5,55,fe,a2,c8,50,3e,96,16,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 22:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 21:26:02
ComboFix2.txt 2009-02-15 17:44:38
ComboFix3.txt 2009-01-24 18:09:27

Pre-Run: 22,297,710,592 bytes free
Post-Run: 22,299,254,784 bytes free

Current=5 Default=5 Failed=7 LastKnownGood=4 Sets=1,2,3,4,5,6,7
464

Update: 15 Feb 2009 22:38

GUZ - Glavom U Zid

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

This is much better now...
Ask your friend whether he still has any problems...

offline
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

I'll go and check a bit later today.

Update: 16 Feb 2009 14:03

I went over to his place. As far as I could see, there are no symptoms.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK... that's it...

Have him do this as well:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
