
Analysis of HiJackThis and ComboFix logs and how to use these programs


magna86 (Anti Malware Fighter), 26.05.2010 at 17:11

OK. That would be it. How is your computer running now?

One more small thing to check...
Run ComboFix again and do a scan. Copy the resulting log here.
 

djerro (Nebojsa Kovacevic, Novi Sad), 26.05.2010 at 18:30

Same. Nothing new.

ComboFix 10-05-19.08 - Djerrro 05/26/2010 19:13:40.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1309 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-26 17:20 . 2010-05-26 17:20 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-26 16:24 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 19:02 . 2010-05-19 19:02 -------- d-----w- c:\windows\GameSave Manager
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-26 16:55 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-23 18:45 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-08 10:04 . 2010-05-08 10:09 -------- d-----w- c:\program files\HyperSnap 6
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-24 19:52 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 17:07 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-26 17:06 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-26 16:17 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\program files\Avira
2010-04-26 15:38 . 2010-04-26 15:38 -------- d-----w- c:\program files\Realtek
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Win7codecs
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\program files\Win7codecs
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-01 15:56 . 2010-04-26 17:22 155648 ----a-w- c:\programdata\Mozilla Firefox\softokn3.dll
2010-04-01 15:56 . 2010-04-26 17:22 98304 ----a-w- c:\programdata\Mozilla Firefox\nssdbm3.dll
2010-04-01 15:56 . 2010-04-26 17:22 249856 ----a-w- c:\programdata\Mozilla Firefox\freebl3.dll
2010-03-08 21:33 . 2010-04-26 17:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48 . 2010-03-05 12:48 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48 . 2010-03-05 12:48 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-03-05 12:48 . 2010-03-05 12:48 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-03-05 12:48 . 2010-03-05 12:48 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-03-05 12:48 . 2010-03-05 12:48 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-03-01 07:05 . 2010-04-26 15:40 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 12:07 . 2010-04-26 17:01 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-26 17:01 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-26 17:00 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-26 17:00 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-26 17:00 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-25_17.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 17:55 . 2010-05-26 17:14 27406 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-26 17:14 42532 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 15:40 . 2010-05-26 17:05 28520 c:\windows\System32\drivers\ssmdrv.sys
- 2010-04-26 15:40 . 2010-05-25 15:23 28520 c:\windows\System32\drivers\ssmdrv.sys
+ 2010-04-26 23:56 . 2010-05-26 17:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-26 23:56 . 2010-05-26 17:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-26 17:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-26 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 15:41 . 2010-05-26 17:14 8434 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696113728-3900944564-1100707938-1000_UserData.bin
+ 2010-05-26 17:12 . 2010-05-26 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-26 17:12 . 2010-05-26 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 15:24 . 2010-05-26 16:03 127550 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.scr=scr
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85EC3D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-26 19:23:37
ComboFix-quarantined-files.txt 2010-05-26 17:23
ComboFix2.txt 2010-05-25 17:03

Pre-Run: 78,542,966,784 bytes free
Post-Run: 78,482,759,680 bytes free

- - End Of File - - 77C3D78D5BB1F57B024CC283B0DB6EA4
 

magna86 (Anti Malware Fighter), 26.05.2010 at 20:23

Hm.. possible TDL3 infection.

Download the DeFogger program to your Desktop:
http://www.jpshortstuff.247fixes.com/Defogger.exe

Run DeFogger.
A message box will appear; click the Disable button.
Another message box will appear; click Yes.

Wait for DeFogger to finish; the computer will most likely restart.

After this, run ComboFix again and post a fresh log for me.


 

djerro (Nebojsa Kovacevic, Novi Sad), 27.05.2010 at 17:26

Done. I ran DeFogger; it did not restart the computer when it finished. I ran Combo and halfway through, a blue screen....

==================================================
Dump File : 052710-23696-01.dmp
Crash Time : 5/27/2010 5:59:05 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000009
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82ca5f95
Caused By Driver : halmacpi.dll
Caused By Address : halmacpi.dll+5924
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\minidump\052710-23696-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
==================================================
Anyway, I ran it again; it scanned for a good half hour. Here is the log:


ComboFix 10-05-26.03 - Djerrro 05/27/2010 18:05:04.9.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1308 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-27 16:15 . 2010-05-27 16:16 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-27 16:15 . 2010-05-27 16:15 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 16:04 . 2010-05-25 16:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-27 15:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 19:02 . 2010-05-19 19:02 -------- d-----w- c:\windows\GameSave Manager
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-27 15:15 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-26 18:33 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-24 19:52 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER
2010-04-29 15:22 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-29 15:22 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 15:22 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 15:21 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 16:04 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-27 15:45 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-27 15:37 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-27 15:25 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-26 18:30 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-26 15:04 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-28 11:54 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\program files\Avira
2010-04-26 15:38 . 2010-04-26 15:38 -------- d-----w- c:\program files\Realtek
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Win7codecs
2010-04-26 15:27 . 2010-04-26 15:27 -------- d-----w- c:\program files\Win7codecs
2010-04-19 11:48 . 2010-04-26 17:48 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-19 11:42 . 2010-04-26 17:48 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-19 11:42 . 2010-04-26 17:48 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-01 15:56 . 2010-04-26 17:22 155648 ----a-w- c:\programdata\Mozilla Firefox\softokn3.dll
2010-04-01 15:56 . 2010-04-26 17:22 98304 ----a-w- c:\programdata\Mozilla Firefox\nssdbm3.dll
2010-04-01 15:56 . 2010-04-26 17:22 249856 ----a-w- c:\programdata\Mozilla Firefox\freebl3.dll
2010-03-08 21:33 . 2010-04-26 17:01 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 12:48 . 2010-03-05 12:48 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-03-05 12:48 . 2010-03-05 12:48 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-03-05 12:48 . 2010-03-05 12:48 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-03-05 12:48 . 2010-03-05 12:48 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-03-05 12:48 . 2010-03-05 12:48 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-03-01 07:05 . 2010-04-26 15:40 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 12:07 . 2010-04-26 17:01 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-26 17:01 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-26 17:00 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-26 17:00 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-26 17:00 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-25_17.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 17:55 . 2010-05-27 16:06 27558 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-27 16:06 42700 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-26 15:40 . 2010-05-26 17:05 28520 c:\windows\System32\drivers\ssmdrv.sys
- 2010-04-26 15:40 . 2010-05-25 15:23 28520 c:\windows\System32\drivers\ssmdrv.sys
+ 2010-04-26 23:56 . 2010-05-27 16:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-26 23:56 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-26 23:56 . 2010-05-27 16:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-25 16:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-27 16:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-01 10:18 . 2010-05-25 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-01 10:18 . 2010-05-27 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-26 15:41 . 2010-05-27 16:00 8442 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696113728-3900944564-1100707938-1000_UserData.bin
+ 2010-05-27 16:04 . 2010-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-27 16:04 . 2010-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-25 16:52 . 2010-05-25 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 15:24 . 2010-05-27 11:48 138916 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.scr=scr
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FD0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-27 18:18:42
ComboFix-quarantined-files.txt 2010-05-27 16:18
ComboFix2.txt 2010-05-26 17:23
ComboFix3.txt 2010-05-25 17:03

Pre-Run: 78,299,770,880 bytes free
Post-Run: 78,106,066,944 bytes free

- - End Of File - - 5486B8297DFBE83A9D3A0824F2CC452D
 
Reply to topic

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Website: www.mycity.rs/Ambulanta


+16 Profile

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 27.05.2010 at 21:06 - 169 months ago
There's nothing here... the PC is clean. As for why you're getting a BSOD... well, either because of a badly installed driver (or a rootkit) or because of a faulty driver.
We checked for and removed the existing rootkits...

Here's what the minidump says.
Quote:

Crash Time : 5/27/2010 5:59:05 PM
Caused By Driver : halmacpi.dll
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System


The BSOD is most likely reporting an error with this code :S <-- I'm not 100% sure
Code:
0x0000000a 0x00000009 0x00000002 0x00000000 0x82ca5f95


Sorry, but this is no longer a matter for the security section ;)

1. --> Uninstall AVZ like this

* Run AVZ
* Go to File >> Standard Scripts;
* A window will open. Select option 6 ( Execute Selected Scripts; ) and choose Yes
* You will get this notification: Script Executed;
* Exit the program and delete the folder that contains AVZ

.........................................

2. --> Uninstall Combofix

Go to Start >> Run
and copy the following there

Quote:
Combofix /Uninstall


OK. You will get a notification that Combofix has been uninstalled.

.........................................

3. --> Run DeFogger and go to Re-enable;
A message box will appear; click Yes on it.

 
Reply to topic

djerro
Nebojsa Kovacevic
Novi Sad

Member no.: 249127
Posts: 11



Profile

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 28.05.2010 at 16:29 - 169 months ago
I don't understand why Combofix finds rootkit activity every time I run it. I don't know, I'll look into it a bit more over the weekend and try to find the problem. If I figure out what it is, I'll post it here; if not, I'll reinstall the system. In any case, thanks for the help and your time... Regards!!!

[This message was edited by djerro on 30.05.2010 at 12:32 GMT+1]
 
Reply to topic

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Website: www.mycity.rs/Ambulanta


+16 Profile

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 28.05.2010 at 17:35 - 169 months ago
No way... every time?
At the start, yes, of course, but now it shouldn't be reporting anything. Your PC is clean... and the logs are clean...

Anyway... let's do this...

Download OTL from this link to the Desktop
http://oldtimer.geekstogo.com/OTL.exe

Run it and go to Run Scan
When it finishes, it will open two logs (it will save both to the Desktop automatically)
Copy OTL.Txt here for me


Right after that, also run a scan with the Dr.Web Live CD.

First download Active@ ISO Burner to the Desktop
The program will let you burn Dr.Web to a CD so that it is bootable.
Just install the program; it works practically automatically.
You can read an explanation of how the program works at http://www.ntfs.com/iso_burner_free.htm

Download the Dr.Web image from this link:
http://www.freedrweb.com/livecd/

how-to (tutorial) --> read it
http://www.freedrweb.com/livecd/how_it_works/

Insert the CD into the infected computer.
Boot from the CD, update Dr.Web (if needed) and leave it to scan.
The scan can take up to 4 hours.



 
Reply to topic
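The GMER MBR-detector blocks of the 2010-05-27 and 2010-05-28 ComboFix logs in this thread can be parsed and compared field by field to see what actually changes between runs. This is an added example, not part of any post and not ComboFix or GMER code; the function names are made up here, and attributing the two hook lines that carry no object name to IoDeviceObjectType is an assumption about the detector's flattened output.

```python
import re

# MBR-detector blocks copied verbatim from the two ComboFix logs in this thread
# (runs completed 2010-05-27 and 2010-05-28).
RUN_0527 = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FD0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK
"""
RUN_0528 = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FB0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK
"""

HEADER_RE = re.compile(r"Stealth MBR rootkit/Mebroot/Sinowal detector (\S+) by Gmer")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "Object -> Procedure -> 0xaddr", or "Procedure -> 0xaddr" on continuation lines.
HOOK_RE = re.compile(r"^(?:(\w+) -> )?(\w+) -> (0x[0-9A-Fa-f]+)$")


def parse_mbr_block(text):
    """Return the detector block as a dict, or None if the text has no such block."""
    block = {"version": None, "modules": [], "unknown": [], "hooks": {}, "verdict": None}
    in_hooks, owner = False, "?"
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.search(line)
        if header:
            block["version"] = header.group(1)
        elif line.startswith("called modules:"):
            chain = line.split(":", 1)[1]
            block["unknown"] = UNKNOWN_RE.findall(chain)
            block["modules"] = UNKNOWN_RE.sub("", chain).split()
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.startswith("user ") and "kernel MBR" in line:
            block["verdict"], in_hooks = line, False
        elif in_hooks:
            hook = HOOK_RE.match(line)
            if hook:
                # Assumption: a line without an object name belongs to the
                # object named on the previous hook line.
                owner = hook.group(1) or owner
                block["hooks"][f"{owner}.{hook.group(2)}"] = hook.group(3)
    return block if block["version"] else None


def diff_runs(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    changes = {}
    for key in ("version", "modules", "unknown", "verdict"):
        if a[key] != b[key]:
            changes[key] = (a[key], b[key])
    for name in sorted(set(a["hooks"]) | set(b["hooks"])):
        if a["hooks"].get(name) != b["hooks"].get(name):
            changes["hook:" + name] = (a["hooks"].get(name), b["hooks"].get(name))
    return changes


if __name__ == "__main__":
    first, second = parse_mbr_block(RUN_0527), parse_mbr_block(RUN_0528)
    for field, (old, new) in diff_runs(first, second).items():
        print(f"{field}: {old} -> {new}")
```

For these two runs the only field that differs is the address inside the `>>UNKNOWN<<` marker; the three hook addresses and the final verdict line are identical.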

djerro
Nebojsa Kovacevic
Novi Sad

Member no.: 249127
Posts: 11



Profile

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 28.05.2010 at 21:03 - 169 months ago
What can I tell you!? I read your post, deleted Combofix, downloaded the new version, ran it and: "Combofix has detected the presence of rootkit activity and needs to reboot the machine." Restart, scan.... Log:

ComboFix 10-05-26.03 - Djerrro 05/28/2010 21:26:42.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1322 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-28 19:33 . 2010-05-28 19:34 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-28 19:33 . 2010-05-28 19:33 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-28 15:13 . 2010-05-28 15:13 25957 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\Dropbox-200.8.64_337\Dropbox-200.8.64.exe
2010-05-27 19:30 . 2010-05-27 19:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Proxima Software
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 15:55 . 2010-05-25 18:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-28 19:20 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-28 19:09 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\programdata\Everstrike
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-26 18:33 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-02 08:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-25 18:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-28 15:35 -------- d-----w- c:\program files\Everything-1.2.1.451a
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:44 . 2010-05-08 09:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-04-29 18:31 . 2010-05-01 13:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-04-29 18:06 . 2010-04-29 18:07 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- c:\users\Djerrro\AppData\Local\GHISLER
2010-04-29 15:22 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-29 15:22 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 15:22 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 15:21 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 19:26 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-28 19:19 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-28 17:13 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-28 16:12 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-28 16:00 . 2010-04-28 11:36 -------- d-----w- c:\users\Djerrro\AppData\Roaming\skypePM
2010-05-28 15:17 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-28 15:05 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-16 20:22 . 2010-04-27 19:50 -------- d-----w- c:\users\Djerrro\AppData\Roaming\XnView
2010-05-16 18:07 . 2010-04-27 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\vlc
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:44 . 2010-04-28 17:23 -------- d-----w- c:\programdata\Apple Computer
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:58 . 2010-04-28 18:58 -------- d-----w- c:\programdata\Paragon
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\explauncher
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\launcher
2010-04-28 18:43 . 2010-04-28 18:43 25214 ----a-r- c:\users\Djerrro\AppData\Roaming\Thinstall\VB Decompiler Pro\%SystemRoot%\Installer\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-28 18:43 . 2010-04-28 18:43 -------- d-----w- c:\program files\Paragon Software
2010-04-28 18:03 . 2010-04-28 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WebcamMax
2010-04-28 17:58 . 2010-04-28 17:58 -------- d-----w- c:\programdata\FLEXnet
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 17:52 . 2010-04-28 17:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-28 17:51 . 2010-04-28 17:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 17:40 . 2010-04-28 17:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\inkscape
2010-04-28 17:38 . 2010-04-27 19:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HEXelon
2010-04-28 17:23 . 2010-04-28 17:23 -------- d-----w- c:\program files\QuickTime
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\programdata\Apple
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-28 11:54 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-04-27 19:59 . 2010-04-27 19:59 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\program files\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\program files\Common Files\Nero
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programdata\Nero
2010-04-27 18:44 . 2010-04-27 18:44 -------- d-----w- c:\program files\VideoLAN
2010-04-27 18:23 . 2010-04-27 18:23 -------- d-----w- c:\program files\PowerISO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-26 15:56 . 2010-04-26 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 15:47 . 2010-04-26 15:47 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 15:40 . 2010-04-26 15:40 -------- d-----w- c:\programdata\Avira
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
------- File Associations -------
.
.txt=txt
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FB0D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-28 21:36:49
ComboFix-quarantined-files.txt 2010-05-28 19:36

Pre-Run: 77,003,878,400 bytes free
Post-Run: 76,954,554,368 bytes free

- - End Of File - - F3454EEC2CEE980D15221D52A1E03285

And here is the second log for you:


OTL logfile created on: 5/28/2010 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Djerrro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.30 Gb Total Space | 71.74 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 188.69 Gb Total Space | 91.46 Gb Free Space | 48.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJERRRO-PC
Current User Name: Djerrro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
PRC - [2010/05/15 00:00:00 | 002,370,712 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
PRC - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/04 17:39:21 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/08/22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/16 18:33:10 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/07/16 15:42:58 | 005,827,584 | ---- | M] () -- C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
MOD - [2009/11/30 20:14:36 | 001,514,264 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spCapBtn.dll
MOD - [2009/11/30 20:14:36 | 000,459,008 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spPCAct.dll
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/03/26 21:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\idmmkb.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/04/28 19:51:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/26 19:48:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/19 13:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 13:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/26 19:05:51 | 000,028,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/05 14:48:14 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/03/05 14:48:12 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/03/05 14:48:12 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/16 18:14:18 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/03 14:55:26 | 000,076,800 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\US4Vista.sys -- (US30Sys)
DRV - [2008/07/15 11:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/01/23 13:18:58 | 000,879,104 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/03/16 16:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2006/01/13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.2
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.3
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.3.0


FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/05/17 18:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/24 18:27:35 | 000,000,000 | ---D | M]

[2010/05/16 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions
[2010/05/16 22:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/28 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/25 14:38:51 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/04/30 12:34:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/17 21:29:53 | 000,000,000 | ---D | M] (facebookchatbar) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2010/04/27 20:06:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/11 19:36:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/05/12 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]

O1 HOSTS File: ([2010/05/20 18:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [av
 

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Analysis of HiJackThis and Combofix logs and how to use these programs - 29.05.2010 at 21:48 (169 months ago)
1. The OTL log is not complete... attach the log to your post.

2. Open Notepad and copy the text below:

Quote:
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Click File\Save as and save the text as CFScript on the Desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
This will start ComboFix; the system may restart (that is normal).
When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here.

Let me know how things stand now.

3... later, do this with Dr.Web

[This message was edited by magna86 on 30.05.2010 at 01:04 GMT+1]
 

djerro
Nebojsa Kovacevic
Novi Sad

Member number: 249127
Posts: 11

Re: Analysis of HiJackThis and Combofix logs and how to use these programs - 30.05.2010 at 11:27 (169 months ago)
Here is the log, I guess it is complete now:

OTL logfile created on: 5/28/2010 9:44:31 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Djerrro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.30 Gb Total Space | 71.74 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 188.69 Gb Total Space | 91.46 Gb Free Space | 48.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJERRRO-PC
Current User Name: Djerrro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
PRC - [2010/05/15 00:00:00 | 002,370,712 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
PRC - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/04 17:39:21 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/08/22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/16 18:33:10 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/07/16 15:42:58 | 005,827,584 | ---- | M] () -- C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
MOD - [2009/11/30 20:14:36 | 001,514,264 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spCapBtn.dll
MOD - [2009/11/30 20:14:36 | 000,459,008 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\spPCAct.dll
MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/03/26 21:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\idmmkb.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/04/28 19:51:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/26 19:48:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/26 18:50:47 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/19 13:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 13:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/04/09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/30 11:15:52 | 000,065,024 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/26 19:05:51 | 000,028,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/05 14:48:14 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/03/05 14:48:12 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/03/05 14:48:12 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/30 11:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/16 18:14:18 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/03 14:55:26 | 000,076,800 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\US4Vista.sys -- (US30Sys)
DRV - [2008/07/15 11:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/07/14 01:16:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/01/23 13:18:58 | 000,879,104 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/03/16 16:24:50 | 001,474,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2006/01/13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.2
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.3
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.3.0


FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/05/17 18:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/24 18:27:35 | 000,000,000 | ---D | M]

[2010/05/16 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions
[2010/05/16 22:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/28 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/08 10:03:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/25 14:38:51 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/04/30 12:34:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/17 21:29:53 | 000,000,000 | ---D | M] (facebookchatbar) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2010/04/27 20:06:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/11 19:36:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/05/12 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]
[2010/04/27 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Djerrro\AppData\Roaming\mozilla\Firefox\Profiles\d36a13yw.default\extensions\[email protected]

O1 HOSTS File: ([2010/05/20 18:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreventItemCreationInUsersFilesFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarLockAll = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoAddRemoveToolbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoDragToolbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoRedock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseFoldersInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TurnOffSPIAnimations = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WindowsUpdate: DisableWindowsUpdateAccess = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet download manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet download manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet download manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/05/28 21:42:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
[2010/05/28 21:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/28 21:36:52 | 000,000,000 | ---D | C] -- C:\Users\Neso i Sanja\AppData\Local\temp
[2010/05/28 21:20:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/27 21:30:02 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Proxima Software
[2010/05/25 17:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/25 17:54:41 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\spybotSD
[2010/05/24 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\WinPatrol
[2010/05/23 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\TeraCopy
[2010/05/23 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/05/23 21:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/23 17:04:22 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\ABBYY
[2010/05/23 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 10
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\ABBYY
[2010/05/23 16:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010/05/23 15:43:56 | 000,000,000 | ---D | C] -- C:\Team17
[2010/05/22 19:29:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Ervin
[2010/05/22 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\ConvertXToDVD
[2010/05/22 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Personal Finances
[2010/05/22 09:48:44 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\EAST Technologies
[2010/05/22 09:47:28 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\East-Tec Eraser 2010
[2010/05/22 08:44:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Djerrro\AppData\Roaming\pcouffin.sys
[2010/05/22 08:41:09 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Scooter Software
[2010/05/21 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Vso
[2010/05/21 19:55:58 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\sigcheck.exe
[2010/05/20 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Alzex
[2010/05/20 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\USB_by_veto
[2010/05/20 18:11:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/20 18:11:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/20 18:11:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/20 18:11:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/19 18:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\complexbackup
[2010/05/19 18:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2010/05/19 18:15:07 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/19 18:15:07 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/19 18:15:07 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/19 18:14:58 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/19 18:14:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/19 18:14:49 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/19 18:14:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/19 18:13:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/05/19 04:30:36 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2010/05/18 21:27:58 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\CardRecovery
[2010/05/18 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Kaspersky Lab
[2010/05/18 20:08:33 | 000,000,000 | --SD | C] -- C:\Users\Djerrro\Documents\Passwords Database
[2010/05/18 20:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/17 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/17 17:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Flock
[2010/05/16 22:14:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Flock
[2010/05/16 22:14:52 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Flock
[2010/05/16 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\DriverGenius
[2010/05/16 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\PE Explorer
[2010/05/16 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\advancedmysqlinjenctioninjoomla
[2010/05/15 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Everstrike
[2010/05/15 22:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Shield 4.3
[2010/05/14 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Kurs za pc servisere
[2010/05/14 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\Nadogradnja i popravka PC-ja
[2010/05/14 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\SeriousBit
[2010/05/14 17:51:48 | 000,116,736 | ---- | C] (bome.com) -- C:\Windows\System32\RestoratorContextMenu.dll
[2010/05/14 17:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Restorator 2009
[2010/05/13 21:01:11 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Snagit
[2010/05/13 21:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/13 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/13 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/13 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\TechSmith
[2010/05/13 19:02:27 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\assembly
[2010/05/13 18:22:34 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\TechSmith
[2010/05/13 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\Outlook Files
[2010/05/12 21:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash
[2010/05/12 21:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Visual Watermark
[2010/05/10 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Documents\ABIX
[2010/05/10 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Desktop\net limit
[2010/05/10 20:01:48 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\idmmbc.dll
[2010/05/10 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IDM
[2010/05/10 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Softvnn
[2010/05/10 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Internet download manager
[2010/05/10 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Password Generator Professional
[2010/05/09 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Office
[2010/05/09 21:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\FileZillaPortable
[2010/05/08 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\PgcEdit
[2010/05/08 22:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/05/08 21:58:35 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\BuildAGadget Content
[2010/05/08 00:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\BTMPro
[2010/05/06 20:39:10 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Souptoys
[2010/05/06 20:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Souptoys
[2010/05/05 21:06:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\RightClickFiles
[2010/05/05 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Runscanner.net
[2010/05/05 19:01:26 | 000,233,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DreamScene.dll
[2010/05/03 14:24:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Winamp
[2010/05/03 14:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/02 20:35:47 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\ElevatedDiagnostics
[2010/05/02 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Paint.NET
[2010/05/02 13:15:37 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/05/02 12:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Movie Maker 6.0
[2010/05/02 10:46:29 | 000,000,000 | ---D | C] -- C:\Windows\sr-Latn-CS
[2010/05/02 10:46:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2010/05/02 10:43:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\portcls.sys.mui
[2010/05/02 10:43:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\serscan.sys.mui
[2010/05/02 10:43:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\ataport.sys.mui
[2010/05/02 10:43:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\amdide.sys.mui
[2010/05/02 10:43:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\tcpip.sys.mui
[2010/05/02 10:43:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\scfilter.sys.mui
[2010/05/02 10:43:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2010/05/02 10:43:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\hidbth.sys.mui
[2010/05/02 10:43:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\BTHUSB.SYS.mui
[2010/05/02 10:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthenum.sys.mui
[2010/05/02 00:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/01 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\Destkop
[2010/05/01 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\HateML
[2010/05/01 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\ArcticLine
[2010/05/01 15:46:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/01 15:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/01 15:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/01 15:29:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/01 15:29:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/01 15:29:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/01 15:29:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/01 15:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/01 11:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2010/05/01 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\SolSuite
[2010/04/30 22:09:39 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LMRTREND.dll
[2010/04/30 22:09:38 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\strmdll.dll
[2010/04/30 22:09:38 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft3.dll
[2010/04/30 22:09:38 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2010/04/30 22:09:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unam4ie.exe
[2010/04/30 22:09:36 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\danim.dll
[2010/04/30 22:09:36 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcut.dll
[2010/04/30 22:09:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz.drv
[2010/04/30 22:09:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010/04/30 22:09:36 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010/04/30 22:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2010/04/30 22:09:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/30 21:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/30 21:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/30 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/30 21:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/30 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\Microsoft Help
[2010/04/30 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/30 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/30 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\PreEmptive Solutions
[2010/04/30 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Thinstall
[2010/04/30 19:46:21 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\translateclient
[2010/04/30 19:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Everything-1.2.1.451a
[2010/04/29 20:47:18 | 003,600,384 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/29 20:44:47 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IDMComp
[2010/04/29 20:31:53 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\Trillian
[2010/04/29 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Roaming\IcoFX
[2010/04/29 17:26:31 | 000,000,000 | ---D | C] -- C:\Users\Djerrro\AppData\Local\GHISLER
[2010/04/29 17:22:04 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/29 17:22:04 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32

djerro
Nebojsa Kovacevic
Novi Sad

Member no.: 249127
Posts: 11

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 30.05.2010 at 11:34
[2010/04/29 17:22:04 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/05/28 21:47:34 | 003,407,872 | -HS- | M] () -- C:\Users\Djerrro\NTUSER.DAT
[2010/05/28 21:42:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Djerrro\Desktop\OTL.exe
[2010/05/28 21:37:31 | 003,036,960 | -H-- | M] () -- C:\Users\Djerrro\AppData\Local\IconCache.db
[2010/05/28 21:34:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/28 21:33:14 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 21:33:14 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 21:25:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/28 21:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/28 21:25:42 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 20:28:40 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2010/05/27 17:58:47 | 197,426,837 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/27 17:18:22 | 000,050,477 | ---- | M] () -- C:\Users\Djerrro\Desktop\Defogger.exe
[2010/05/26 19:05:51 | 000,028,520 | ---- | M] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/25 20:37:11 | 008,066,605 | ---- | M] () -- C:\Users\Djerrro\Desktop\Runalyz-1.6.1.24.exe
[2010/05/25 19:15:58 | 000,002,973 | ---- | M] () -- C:\Users\Djerrro\Desktop\HiJackThis.lnk
[2010/05/23 16:29:39 | 000,722,040 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/23 16:29:39 | 000,620,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/23 16:29:39 | 000,105,550 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/23 01:04:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/22 20:54:18 | 000,000,031 | ---- | M] () -- C:\Windows\RHWDWIN.INI
[2010/05/22 19:32:16 | 002,334,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 14:55:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Djerrro\AppData\Roaming\pcouffin.sys
[2010/05/22 14:55:39 | 000,007,887 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.cat
[2010/05/22 14:55:39 | 000,001,144 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.inf
[2010/05/22 13:07:21 | 000,001,189 | ---- | M] () -- C:\Users\Djerrro\AppData\Roaming\vso_ts_preview.xml
[2010/05/22 11:57:07 | 005,146,166 | ---- | M] () -- C:\Users\Djerrro\Desktop\Personal Finances Pro.exe
[2010/05/20 19:35:38 | 000,000,811 | ---- | M] () -- C:\Windows\win.ini
[2010/05/20 19:19:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/20 18:29:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/19 18:15:07 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/19 18:15:07 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/19 18:15:07 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/19 18:14:58 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/19 18:14:58 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/19 18:14:49 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/19 18:14:49 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/18 20:08:28 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
[2010/05/16 12:20:05 | 002,034,872 | ---- | M] () -- C:\Users\Djerrro\Desktop\Xyplorer.sfx.exe
[2010/05/15 10:01:44 | 000,008,704 | ---- | M] () -- C:\Users\Djerrro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 19:31:40 | 000,000,218 | ---- | M] () -- C:\Users\Djerrro\.recently-used.xbel
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/08 22:07:05 | 000,001,053 | ---- | M] () -- C:\Users\Djerrro\Desktop\Trillian.lnk
[2010/05/08 14:14:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/08 11:09:14 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/05 19:07:09 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2010/05/05 19:07:09 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2010/05/05 19:01:26 | 000,233,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DreamScene.dll
[2010/05/01 15:29:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/01 15:29:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/01 15:29:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/01 15:29:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/01 12:24:53 | 000,000,083 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/30 23:11:56 | 000,000,000 | ---- | M] () -- C:\Windows\LiveBilliards,2.INI
[2010/04/30 23:10:33 | 000,000,000 | ---- | M] () -- C:\Windows\LiveBilliards,1.INI
[2010/04/30 22:09:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll
[2010/04/30 22:09:35 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll
[2010/04/30 21:51:01 | 000,108,824 | ---- | M] () -- C:\Users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 19:40:51 | 000,001,620 | ---- | M] () -- C:\Users\Djerrro\Desktop\Portabl.lnk
[2010/04/29 20:47:18 | 003,600,384 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/05/27 17:18:21 | 000,050,477 | ---- | C] () -- C:\Users\Djerrro\Desktop\Defogger.exe
[2010/05/25 20:37:05 | 008,066,605 | ---- | C] () -- C:\Users\Djerrro\Desktop\Runalyz-1.6.1.24.exe
[2010/05/25 19:15:58 | 000,002,973 | ---- | C] () -- C:\Users\Djerrro\Desktop\HiJackThis.lnk
[2010/05/25 18:47:22 | 197,426,837 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/23 15:54:54 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/05/22 19:31:58 | 002,334,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 11:46:48 | 005,146,166 | ---- | C] () -- C:\Users\Djerrro\Desktop\Personal Finances Pro.exe
[2010/05/22 08:45:32 | 000,000,033 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.log
[2010/05/22 08:44:57 | 000,007,887 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.cat
[2010/05/22 08:44:57 | 000,001,144 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\pcouffin.inf
[2010/05/21 22:57:39 | 000,001,189 | ---- | C] () -- C:\Users\Djerrro\AppData\Roaming\vso_ts_preview.xml
[2010/05/20 19:19:10 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/20 18:11:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/20 18:11:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/20 18:11:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/20 18:11:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/20 18:11:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/18 20:08:28 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
[2010/05/16 12:20:03 | 002,034,872 | ---- | C] () -- C:\Users\Djerrro\Desktop\Xyplorer.sfx.exe
[2010/05/12 19:31:40 | 000,000,218 | ---- | C] () -- C:\Users\Djerrro\.recently-used.xbel
[2010/05/08 22:07:05 | 000,001,053 | ---- | C] () -- C:\Users\Djerrro\Desktop\Trillian.lnk
[2010/05/08 14:14:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/07 22:57:06 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/05 19:01:26 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg
[2010/05/05 19:01:26 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg
[2010/05/01 12:24:53 | 000,000,083 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/30 23:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards,2.INI
[2010/04/30 23:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards,1.INI
[2010/04/30 22:09:36 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/04/30 22:09:36 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2010/04/29 16:32:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/28 20:02:36 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010/04/27 22:36:43 | 000,000,031 | ---- | C] () -- C:\Windows\RHWDWIN.INI
[2010/04/27 10:45:45 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/04/26 21:25:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2010/04/26 20:22:26 | 000,002,716 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/26 17:40:55 | 000,028,520 | ---- | C] () -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/02 10:38:16 | 000,009,792 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:C97C8631
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B3D74A13
< End of report >
 
djerro
Nebojsa Kovacevic
Novi Sad

Member no.: 249127
Posts: 11

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 30.05.2010 at 11:37
I'm having problems with Dr.Web. I'll download it again, but I've used up my internet allowance for this month, so I'll do that too starting Tuesday. Here is the log from Combofix:

ComboFix 10-05-26.03 - Djerrro 05/30/2010 12:09:20.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1984.1300 [GMT 2:00]
Running from: c:\users\Djerrro\Desktop\ComboFix.exe
Command switches used :: c:\users\Djerrro\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\w32dasm8.ini

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Djerrro\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Neso i Sanja\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-30 10:16 . 2010-05-30 10:16 -------- d-----w- c:\users\__vmware_user__\AppData\Local\temp
2010-05-29 20:30 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-29 20:30 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-29 20:30 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-29 20:29 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-29 20:29 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-29 17:56 . 2010-05-29 18:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\GHISLER
2010-05-29 14:06 . 2010-05-29 14:06 -------- d-----w- c:\programdata\Network LookOut Administrator Pro
2010-05-29 10:16 . 2010-05-29 10:16 10220 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\pure9.0.0.192en_340\pure9.0.0.192en.exe
2010-05-29 09:59 . 2010-05-29 10:01 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TheWorld
2010-05-29 09:53 . 2010-05-29 09:53 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SystemTools
2010-05-28 15:13 . 2010-05-28 15:13 25957 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\DwnlData\Djerrro\Dropbox-200.8.64_337\Dropbox-200.8.64.exe
2010-05-27 19:30 . 2010-05-27 19:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Proxima Software
2010-05-25 17:15 . 2010-05-25 17:15 388096 ----a-r- c:\users\Djerrro\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-24 15:52 . 2010-05-24 15:52 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WinPatrol
2010-05-24 15:52 . 2009-06-10 21:42 24 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Autoexec.bat
2010-05-24 15:52 . 2009-06-10 21:42 10 ----a-w- c:\users\Djerrro\AppData\Roaming\WinPatrol\Config.sys
2010-05-23 19:48 . 2010-05-30 09:58 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TeraCopy
2010-05-23 19:48 . 2010-05-23 19:48 -------- d-----w- c:\program files\TeraCopy
2010-05-23 15:04 . 2010-05-23 15:04 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ABBYY
2010-05-23 14:59 . 2010-05-23 14:59 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-23 14:57 . 2010-05-23 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\ABBYY
2010-05-23 14:57 . 2010-05-23 16:35 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-23 14:57 . 2010-05-23 14:57 -------- d-----w- c:\programdata\ABBYY
2010-05-23 13:43 . 2010-05-23 13:43 -------- d-----w- C:\Team17
2010-05-22 07:48 . 2010-05-22 07:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\EAST Technologies
2010-05-22 06:44 . 2010-05-22 12:55 47360 ----a-w- c:\users\Djerrro\AppData\Roaming\pcouffin.sys
2010-05-22 06:44 . 2010-05-22 06:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-22 06:41 . 2010-05-22 06:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Scooter Software
2010-05-21 20:57 . 2010-05-22 12:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Vso
2010-05-21 17:55 . 2010-02-26 14:26 220024 ----a-w- c:\windows\system32\sigcheck.exe
2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Alzex
2010-05-19 16:53 . 2010-05-19 16:53 -------- d-----w- c:\programdata\complexbackup
2010-05-19 16:52 . 2010-05-19 16:52 -------- d-----w- c:\programdata\backup
2010-05-19 16:15 . 2010-05-19 16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-19 16:15 . 2010-05-19 16:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-19 16:15 . 2010-05-19 16:15 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-19 16:14 . 2010-05-19 16:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-19 16:14 . 2010-05-19 16:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-19 16:14 . 2010-05-19 16:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-19 16:14 . 2010-05-19 16:14 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-19 16:14 . 2010-05-19 16:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-19 16:14 . 2010-05-19 16:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-19 16:13 . 2010-05-26 17:13 -------- d-----w- c:\windows\system32\catroot2
2010-05-19 02:30 . 2010-05-19 02:30 -------- d-----w- c:\windows\Standalone System Sweeper
2010-05-18 18:22 . 2010-05-18 18:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Kaspersky Lab
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-17 17:38 . 2010-05-22 15:46 -------- d-----w- c:\program files\Google
2010-05-17 15:00 . 2010-05-30 09:50 -------- d-----w- c:\program files\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Flock
2010-05-16 20:14 . 2010-05-16 20:14 -------- d-----w- c:\users\Djerrro\AppData\Local\Flock
2010-05-16 10:03 . 2010-05-16 10:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PE Explorer
2010-05-15 20:55 . 2010-05-15 20:55 -------- d-----w- c:\program files\Universal Shield 4.3
2010-05-14 15:55 . 2010-05-14 15:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SeriousBit
2010-05-14 15:51 . 2007-01-05 15:55 116736 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-05-14 15:51 . 2010-05-14 15:51 -------- d-----w- c:\program files\Restorator 2009
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\programdata\TechSmith
2010-05-13 19:00 . 2010-05-13 19:00 -------- d-----w- c:\program files\TechSmith
2010-05-13 18:59 . 2010-05-13 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 18:41 . 2010-05-13 18:41 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TechSmith
2010-05-13 17:02 . 2010-05-13 17:02 -------- d-----w- c:\users\Djerrro\AppData\Local\assembly
2010-05-13 16:22 . 2010-05-13 16:22 -------- d-----w- c:\users\Djerrro\AppData\Local\TechSmith
2010-05-12 19:24 . 2010-05-12 19:25 -------- d-----w- c:\programdata\SFlash
2010-05-12 19:20 . 2010-05-12 19:21 -------- d-----w- c:\programdata\Visual Watermark
2010-05-12 15:19 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 18:01 . 2009-09-09 14:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-05-10 18:01 . 2010-05-10 18:01 214448 ----a-w- c:\users\Djerrro\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-10 18:01 . 2010-05-10 18:08 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDM
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Internet download manager
2010-05-10 18:01 . 2010-05-10 18:01 -------- d-----w- c:\program files\Softvnn
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Password Generator Professional
2010-05-09 19:49 . 2010-05-09 19:49 -------- d-----w- c:\users\Djerrro\AppData\Local\Office
2010-05-09 19:25 . 2010-05-09 20:12 -------- d-----w- c:\program files\FileZillaPortable
2010-05-08 20:27 . 2010-05-08 20:27 -------- d-----w- c:\users\Djerrro\AppData\Roaming\PgcEdit
2010-05-08 20:06 . 2010-05-29 13:15 -------- d-----w- c:\program files\Trillian
2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\users\Djerrro\AppData\Local\BuildAGadget Content
2010-05-07 22:27 . 2010-05-07 22:27 -------- d-----w- c:\program files\BTMPro
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Souptoys
2010-05-06 18:39 . 2010-05-06 18:39 -------- d-----w- c:\programdata\Souptoys
2010-05-05 19:06 . 2010-05-05 19:06 -------- d-----w- c:\windows\system32\RightClickFiles
2010-05-05 17:08 . 2010-05-14 20:23 -------- d-----w- c:\users\Djerrro\AppData\Local\Runscanner.net
2010-05-05 17:01 . 2010-05-05 17:07 8107 ----a-w- c:\windows\w7dsd.reg
2010-05-05 17:01 . 2010-05-05 17:07 8089 ----a-w- c:\windows\w7dse.reg
2010-05-05 17:01 . 2010-05-05 17:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__\AppData\Roaming\Winamp
2010-05-03 15:42 . 2010-05-03 15:42 -------- d-----w- c:\users\__vmware_user__
2010-05-03 12:24 . 2010-05-03 15:42 -------- d-----w- c:\program files\Winamp
2010-05-03 12:24 . 2010-05-03 12:30 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Winamp
2010-05-02 18:35 . 2010-05-18 15:58 -------- d-----w- c:\users\Djerrro\AppData\Local\ElevatedDiagnostics
2010-05-02 16:57 . 2010-05-12 20:12 -------- d-----w- c:\users\Djerrro\AppData\Local\Paint.NET
2010-05-02 11:15 . 2010-05-02 11:15 -------- d-----w- C:\PFiles
2010-05-02 10:52 . 2010-05-02 10:52 -------- d-----w- c:\program files\Windows Movie Maker 6.0
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-05-02 08:46 . 2010-05-02 08:46 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-----w- c:\program files\MSECache
2010-05-01 20:16 . 2010-05-20 16:32 -------- d-----w- c:\users\Neso i Sanja
2010-05-01 19:58 . 2010-05-07 19:09 -------- d-----w- c:\users\Djerrro\Destkop
2010-05-01 18:19 . 2010-05-01 18:19 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HateML
2010-05-01 14:23 . 2010-05-01 14:23 -------- d-----w- c:\users\Djerrro\AppData\Roaming\ArcticLine
2010-05-01 14:10 . 2010-05-01 14:10 4575232 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gert.tls.dll
2010-05-01 13:46 . 2010-05-01 13:46 -------- d-----w- c:\windows\Sun
2010-05-01 13:30 . 2010-05-01 13:30 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 13:29 . 2010-05-01 13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:29 . 2010-05-01 13:29 -------- d-----w- c:\program files\Java
2010-05-01 09:49 . 2010-05-01 09:49 -------- d-----w- c:\programdata\TreeCardGames
2010-05-01 09:49 . 2010-05-01 09:55 -------- d-----w- c:\users\Djerrro\AppData\Roaming\SolSuite
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-30 19:49 . 2010-05-01 14:11 -------- d-----w- c:\windows\PCHEALTH
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-04-30 19:49 . 2010-04-30 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-30 19:48 . 2010-04-30 19:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-30 19:47 . 2010-04-30 19:47 -------- d-----w- c:\users\Djerrro\AppData\Local\Microsoft Help
2010-04-30 19:47 . 2010-05-29 13:47 -------- d-----w- c:\programdata\Microsoft Help
2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\users\Djerrro\AppData\Local\PreEmptive Solutions
2010-04-30 17:52 . 2010-05-29 20:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Thinstall
2010-04-30 17:46 . 2010-04-30 17:46 -------- d-----w- c:\users\Djerrro\AppData\Roaming\translateclient
2010-04-30 17:34 . 2010-05-29 09:08 -------- d-----w- c:\program files\Everything-1.2.1.451a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 10:08 . 2010-04-26 19:29 -------- d-----w- c:\programdata\VMware
2010-05-30 09:58 . 2010-04-26 16:29 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-05-30 09:21 . 2010-04-26 19:32 -------- d-----w- c:\users\Djerrro\AppData\Roaming\VMware
2010-05-29 20:22 . 2010-04-27 19:58 -------- d-----w- c:\program files\Nero
2010-05-29 18:56 . 2010-04-26 16:12 -------- d-----w- c:\users\Djerrro\AppData\Roaming\DMCache
2010-05-29 13:06 . 2010-04-26 19:51 -------- d-----w- c:\users\Djerrro\AppData\Roaming\BSplayer PRO
2010-05-29 12:51 . 2010-04-26 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Skype
2010-05-29 12:49 . 2010-04-28 11:36 -------- d-----w- c:\users\Djerrro\AppData\Roaming\skypePM
2010-05-29 12:41 . 2010-04-26 15:22 -------- d-----w- c:\users\Djerrro\AppData\Roaming\uTorrent
2010-05-25 17:52 . 2010-04-26 18:02 -------- d-----w- c:\program files\Trend Micro
2010-05-23 13:43 . 2010-04-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 13:43 . 2010-04-26 15:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-16 20:25 . 2010-04-26 17:57 -------- d-----w- c:\program files\TC UP
2010-05-16 20:22 . 2010-04-27 19:50 -------- d-----w- c:\users\Djerrro\AppData\Roaming\XnView
2010-05-16 18:07 . 2010-04-27 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\vlc
2010-05-15 18:55 . 2010-04-26 15:17 -------- d-----w- c:\programdata\Win7codecs
2010-05-15 14:25 . 2010-04-26 15:22 -------- d-----w- c:\program files\uTorrent
2010-05-15 13:35 . 2010-04-26 20:10 -------- d-----w- c:\program files\SysTracer
2010-05-12 15:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-26 16:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 12:29 . 2010-04-26 16:26 -------- d-----w- c:\programdata\NVIDIA
2010-05-08 12:14 . 2010-05-08 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-08 09:46 . 2010-04-29 18:44 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IDMComp
2010-05-03 15:42 . 2010-04-26 16:05 -------- d-----w- c:\program files\DFX
2010-05-02 16:06 . 2010-04-26 15:25 -------- d-----w- c:\program files\Windows7FirewallControl
2010-05-02 08:46 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-02 08:46 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-01 13:42 . 2010-04-29 18:31 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Trillian
2010-05-01 08:39 . 2010-04-26 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 20:44 . 2010-04-28 17:23 -------- d-----w- c:\programdata\Apple Computer
2010-04-30 20:09 . 2010-04-30 20:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-30 20:09 . 2010-04-30 20:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-30 20:09 . 2010-04-30 20:09 -------- d-----w- c:\program files\Interplay
2010-04-30 19:51 . 2010-04-26 15:48 108824 ----a-w- c:\users\Djerrro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 18:07 . 2010-04-29 18:06 -------- d-----w- c:\users\Djerrro\AppData\Roaming\IcoFX
2010-04-29 13:39 . 2010-04-26 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:38 . 2010-04-28 19:38 -------- d-----w- c:\programdata\wipe
2010-04-28 18:58 . 2010-04-28 18:58 -------- d-----w- c:\programdata\Paragon
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\explauncher
2010-04-28 18:46 . 2010-04-28 18:46 -------- d-----w- c:\programdata\launcher
2010-04-28 18:43 . 2010-04-28 18:43 25214 ----a-r- c:\users\Djerrro\AppData\Roaming\Thinstall\VB Decompiler Pro\%SystemRoot%\Installer\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-28 18:43 . 2010-04-28 18:43 -------- d-----w- c:\program files\Paragon Software
2010-04-28 18:03 . 2010-04-28 18:03 -------- d-----w- c:\users\Djerrro\AppData\Roaming\WebcamMax
2010-04-28 17:58 . 2010-04-28 17:58 -------- d-----w- c:\programdata\FLEXnet
2010-04-28 17:53 . 2010-04-26 15:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 17:52 . 2010-04-28 17:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-28 17:51 . 2010-04-28 17:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-28 17:40 . 2010-04-28 17:40 -------- d-----w- c:\users\Djerrro\AppData\Roaming\inkscape
2010-04-28 17:38 . 2010-04-27 19:42 -------- d-----w- c:\users\Djerrro\AppData\Roaming\HEXelon
2010-04-28 17:23 . 2010-04-28 17:23 -------- d-----w- c:\program files\QuickTime
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 17:22 . 2010-04-28 17:22 -------- d-----w- c:\programdata\Apple
2010-04-28 15:07 . 2010-04-26 16:49 -------- d-----w- c:\program files\SystemExplorerPortable
2010-04-27 19:59 . 2010-04-27 19:59 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Nero
2010-04-27 18:44 . 2010-04-27 18:44 -------- d-----w- c:\program files\VideoLAN
2010-04-27 18:23 . 2010-04-27 18:23 -------- d-----w- c:\program files\PowerISO
2010-04-27 14:57 . 2010-04-27 14:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-26 20:36 . 2010-04-26 20:35 -------- d-----w- c:\program files\Rainlendar2
2010-04-26 20:20 . 2010-04-26 20:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-26 20:12 . 2010-04-26 20:11 -------- d-----w- c:\program files\WhereIsIt
2010-04-26 20:11 . 2010-04-26 15:58 -------- d-----w- c:\programdata\WhereIsIt
2010-04-26 20:09 . 2010-04-26 20:09 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-26 20:08 . 2010-04-26 20:08 -------- d-----w- c:\program files\Mario Forever
2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Webteh
2010-04-26 19:40 . 2010-04-26 19:31 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-26 19:40 . 2010-04-26 19:31 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-26 19:38 . 2010-04-26 19:38 -------- d-----w- c:\program files\VMware
2010-04-26 19:37 . 2010-04-26 19:31 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-26 19:37 . 2010-04-26 19:31 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-26 19:37 . 2010-04-26 19:31 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-26 19:37 . 2010-04-26 19:31 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-26 19:37 . 2010-04-26 19:31 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-04-26 19:37 . 2010-04-26 19:31 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-04-26 19:37 . 2010-04-26 19:31 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-26 19:37 . 2010-04-26 19:31 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-26 19:29 . 2010-04-26 19:29 -------- d-----w- c:\program files\Common Files\VMware
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\program files\Vimicro
2010-04-26 19:25 . 2010-04-26 19:25 -------- d-----w- c:\users\Djerrro\AppData\Roaming\InstallShield
2010-04-26 19:18 . 2010-04-26 19:18 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Avira
2010-04-26 19:17 . 2010-04-26 17:22 -------- d-----w- c:\programdata\Mozilla Firefox
2010-04-26 19:16 . 2010-04-26 19:16 -------- d-----w- c:\users\Djerrro\AppData\Roaming\URSoft
2010-04-26 19:15 . 2010-04-26 18:03 -------- d-----r- c:\program files\Skype
2010-04-26 18:22 . 2010-04-26 18:22 -------- d-----w- c:\program files\Sandboxie
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-26 18:03 . 2010-04-26 18:03 -------- d-----w- c:\programdata\Skype
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\users\Djerrro\AppData\Roaming\TuneUp Software
2010-04-26 17:48 . 2010-04-26 17:48 -------- d-----w- c:\programdata\TuneUp Software
2010-04-26 17:08 . 2010-04-26 15:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\users\Djerrro\AppData\Roaming\Malwarebytes
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\programdata\DFX
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-04-26 16:05 . 2010-04-26 16:05 -------- d-----w- c:\program files\Common Files\DFX
2010-04-26 16:03 . 2010-04-26 16:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 05:42 556416 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUpdateCheck"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 12:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 14:15 49152 ----a-w- c:\windows\vmsnap3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 02:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows7FirewallControl"=c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-23 879104]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-19 1050440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [2007-03-16 1474560]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-03-05 40560]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85FD1D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84e4caa0
QueryNameProcedure -> 0x84e4cc30
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-30 12:19:40
ComboFix-quarantined-files.txt 2010-05-30 10:19

Pre-Run: 59,301,986,304 bytes free
Post-Run: 61,786,890,240 bytes free

- - End Of File - - 1B619D40CE0A443B4C213D0EF7E713EC
 

djerro
Nebojsa Kovacevic
Novi Sad

Member no.: 249127
Posts: 11

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 30.05.2010 at 11:44
I forgot to say that the computer works the same.
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Analysis of HiJackThis and Combofix logs and how to use these programs, 31.05.2010 at 16:30
I meant for you to attach the logs to the post so that the thread would be easier to read.
Anyway... as I already said, there is no active malware here. We just wasted time...

Uninstall Combofix and AVZ following the instructions in my post.
That's it.
 