Strange computer behavior - is it a virus?

djordjestojs
djordje stojsavljevic

Strange computer behavior - is it a virus? 28.12.2009 at 08:20
I am not very familiar with this subject. Three differences compared to how it worked until now:
1. When I turn on the computer, a file check (CHKDSK) of disk E also starts,
2. It runs more slowly,
3. When I click on IE or the antivirus program to start it, it first opens a smaller window "File Download - Security Warning", where it asks to download, install or cancel. If, for example, for IE I click RUN, it opens Opera for me, and the previous window stays on the screen.

If anyone has had a similar problem, I would ask them for a solution.
Regards!
 

kristi1

Re: Strange computer behavior - is it a virus? 28.12.2009 at 08:33
Download the DDS program: http://download.bleepingcomputer.com/sUBs/dds.scr
Double-click to run DDS
Wait a bit, it will produce two logs
Copy the log named DDS.txt for me
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 28.12.2009 at 09:21
One small note: when I was opening NOTEPAD, first some IE security window opened, so I started NOTEPAD via the RUN button. And now here is the requested file.


DDS (Ver_09-12-01.01) - NTFSx86
Run by AMD at 10:19:00,20 on 28.12.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.135 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
E:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
E:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe
E:\5.instalirani_programi\AppServ\MySQL\bin\mysqld.exe
C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Browsers\Opera\opera.exe
C:\WINDOWS\system32\notepad.exe
E:\6.download\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = ${URL_SEARCHPAGE}
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mSearch Page = ${URL_SEARCHPAGE}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFree.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-5022025655-5243487776-667105670-1513\sysdate.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Alcohol Toolbar Helper: {52d06f97-5511-43fa-8fda-c481864fd26e} - c:\program files\alcohol toolbar\v3.2.0.0\Alcohol_Toolbar.dll
BHO: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFree.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Alcohol Toolbar: {4c4e7cdb-5bfc-4d74-83e2-8ae659b7eda2} - c:\program files\alcohol toolbar\v3.2.0.0\Alcohol_Toolbar.dll
TB: VSPopUp: {c89657e6-d083-4ea3-81d2-d7ad3d0ed490} - c:\windows\system32\vsPop.dll
TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~2.0\bin\ZENDIE~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Free Lunch Design Toolbar: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - c:\program files\free_lunch_design\tbFree.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [antispy] c:\program files\ieantivirus\scan.exe
uRun: [MySQL Data Wizard Agent] c:\program files\sql maestro group\data wizard for mysql\MyDataWizardA.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [fsm]
uRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [MSI Live] c:\program files\msi\msi live\SetWallpaper.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
mRun: [Acrobat Assistant 8.0] "e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: Append to existing PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\5.instalirani_programi\adobecs4\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Subscribe in RSS Bandit - c:\documents and settings\amd\application data\rssbandit\iecontext_subscribebandit.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~2.0\bin\ZENDIE~1.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {ED2C4C66-C3B5-49A5-A999-C4F3566E8A9B} = 212.200.191.166,212.200.190.166
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amd\applic~1\mozilla\firefox\profiles\vayaalab.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\amd\application data\mozilla\firefox\profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\browsers\opera\program\plugins\npdsplay.dll
FF - plugin: c:\browsers\opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\browsers\opera\program\plugins\NPSWF32.dll
FF - plugin: c:\browsers\opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\browsers\program\plugins\npdsplay.dll
FF - plugin: c:\browsers\program\plugins\NPSWF32.dll
FF - plugin: c:\browsers\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\NPOFF12.DLL
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-22 114768]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
R2 Apache2.2;Apache2.2;e:\5.instalirani_programi\appserv\apache2.2\bin\httpd.exe [2008-1-17 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-2-3 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-23 54752]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-2-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-2-3 352920]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\apache.exe" --ntservice --> c:\apache\APACHE.EXE [?]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S3 DNSFILT;DNSFILT;\??\c:\program files\atguard\dnsfilt.sys --> c:\program files\atguard\DNSFILT.SYS [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 FWFILT;FWFILT;\??\c:\program files\atguard\fwfilt.sys --> c:\program files\atguard\FWFILT.SYS [?]
S3 HTTPFILT;HTTPFILT;\??\c:\program files\atguard\httpfilt.sys --> c:\program files\atguard\HTTPFILT.SYS [?]

=============== Created Last 30 ================

2009-12-27 14:28:25 0 d-----w- c:\windows\system32\NtmsData
2009-12-27 14:25:43 0 d-sh--w- c:\documents and settings\amd\IECompatCache
2009-12-27 11:24:20 0 d-----w- c:\program files\common files\Akamai
2009-12-25 21:44:59 0 d-----w- c:\program files\Free_Lunch_Design
2009-12-25 21:12:57 0 d-----w- c:\program files\Santa Claus in Trouble
2009-12-24 17:32:29 0 d-----w- c:\program files\Carambis
2009-12-24 16:54:44 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-24 16:54:32 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-24 16:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\OviInstallerCache
2009-12-24 16:18:48 0 d-----w- c:\program files\common files\LogoManager
2009-12-24 16:17:48 0 d-----w- c:\program files\MobiMB Mobile Media Browser
2009-12-24 08:56:04 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-24 07:40:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 07:40:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 07:21:34 0 d-----w- c:\docume~1\amd\applic~1\Software Informer
2009-12-24 07:21:32 0 d-----w- c:\program files\Software Informer
2009-12-24 06:59:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-24 06:59:06 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-24 06:59:06 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-24 06:50:06 0 d-----w- c:\program files\common files\PCSuite
2009-12-24 06:49:44 0 d-----w- c:\program files\common files\Nokia
2009-12-24 06:48:54 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-24 06:48:53 0 d-----w- c:\program files\Nokia
2009-12-23 19:11:38 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-23 19:10:57 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-23 19:03:27 0 d-----w- c:\program files\Microsoft
2009-12-23 19:02:56 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-23 18:38:51 0 d-----w- c:\program files\common files\Windows Live
2009-12-23 18:37:57 1409 ----a-w- c:\windows\QTFont.for
2009-12-23 18:37:56 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-23 18:00:35 0 d-----w- c:\program files\Conduit
2009-12-23 17:59:25 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-12-23 17:57:50 0 d-----w- c:\program files\PC Drivers HeadQuarters
2009-12-23 16:41:27 0 d-sh--w- c:\documents and settings\amd\PrivacIE
2009-12-23 16:37:43 0 d-sh--w- c:\documents and settings\amd\IETldCache
2009-12-23 16:35:25 0 d-----w- c:\windows\ie8updates
2009-12-23 16:30:06 0 dc-h--w- c:\windows\ie8
2009-12-23 16:30:05 0 d-----w- c:\windows\system32\sr-Cyrl-CS
2009-12-23 16:26:12 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-23 13:11:40 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-22 18:47:58 77824 ----a-w- c:\windows\system32\xvid.ax
2009-12-22 18:47:57 0 d-----w- c:\program files\Xvid
2009-12-22 18:47:52 0 d-----w- c:\program files\FDRLab
2009-12-22 18:25:02 48640 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-12-22 15:52:21 118 ----a-w- c:\windows\system32\MRT.INI
2009-12-21 20:32:05 0 d-----w- c:\program files\Barbie(TM)
2009-12-21 19:12:30 126 ----a-w- c:\windows\PRLTP_USBdrv.ini
2009-12-19 11:39:57 63 --sh--r- C:\autorun.inf

==================== Find3M ====================

2009-12-21 17:25:24 960 --sha-w- C:\5lvjovma.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2002-07-31 18:55:12 106 --sh--w- c:\windows\WSYS049.SYS

============= FINISH: 10:19:42,06 ===============
 

kristi1

Re: Strange computer behavior - is it a virus? 28.12.2009 at 10:11
Download this program to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Turn off the antivirus
Run Combofix, it must be from the desktop
Click yes or ok for everything it asks
When it finishes it will produce a log, which you will copy for me.
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 28.12.2009 at 11:53
I downloaded it to the desktop. When I ran it (via right click / Run as... / otherwise it won't work with Open), a small window opened, with ComboFix written at the top and a small white bar below it. It doesn't ask me anything. It ran (probably in the background) for about 30 min, so I turned it off and gave up. And what should we do now, since we've already started?
 

kristi1

Re: Strange computer behavior - is it a virus? 28.12.2009 at 21:03
Did you turn off the antivirus?
Run it again and wait for it to finish completely, don't be impatient. Also, don't plug the USB stick into the computer until we finish cleaning, because it is infected.

You will turn off Avast as follows:
Right-click the icon next to the clock, then click program settings (Program settings)
Click the last item in the left pane
Check the Avast self-defence module (Disable avast! self-defence), ok.
Then right-click the icon next to the clock again and stop the resident protection.

Only then run Combofix and wait for it to finish completely.

btw delete that icon from the desktop and download the new version of combofix.
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 29.12.2009 at 13:52
ComboFix shows a window saying Incompatible OS (when I start it as the current user with the computer protected from unauthorized activity). What next?
 

kristi1

Re: Strange computer behavior - is it a virus? 29.12.2009 at 14:43
Download this program: http://swandog46.geekstogo.com/avenger2/download.php
Extract it into a folder
Double-click to run avenger.exe
Copy this text into the program's white window

Code:
Files to delete:
c:\recycler\s-1-5-21-5022025655-5243487776-667105670-1513\sysdate.exe
C:\autorun.inf
C:\5lvjovma.sys

Drivers to delete:
5lvjovma

Registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman


Then click Execute, then Yes twice.
The computer will restart, maybe twice.
Copy the log file C:\avenger.txt for me

[This message was edited by valjan on 29.12.2009 at 16:41 GMT+1]
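
Added example, not part of the original posts and not code from DDS or The Avenger: a small triage script run over DDS log lines like the ones posted above, which flags the same three entries that the Avenger script targets. The rule names, the directory list and the boot-file allowlist are assumptions made for this illustration; the sample lines are copied from the DDS log in this thread, except the boot.ini row, which is constructed.

```python
import re

# Sample input: lines copied from the DDS log in this thread, plus one
# constructed row (boot.ini) to exercise the allowlist.
SAMPLE_DDS = r"""
mWinlogon: Taskman=c:\recycler\s-1-5-21-5022025655-5243487776-667105670-1513\sysdate.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
2009-12-19 11:39:57 63 --sh--r- C:\autorun.inf
2009-12-21 17:25:24 960 --sha-w- C:\5lvjovma.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-24 16:54:44 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-01 08:00:00 211 --sh--w- C:\boot.ini
"""

# "Pseudo HJT Report" autostart rows: "<prefix>: <rest>"
AUTOSTART = re.compile(r"^(mWinlogon|uRun|mRun|dRun|StartupFolder): (.*)$")
# "Created Last 30" / "Find3M" rows: date, time, size, 8-char attributes, path
FILE_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# A file that sits directly in a drive root, e.g. C:\name.ext
ROOT_FILE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)

# Assumption: directories from which an autostart entry is unexpected.
ODD_DIRS = ("\\recycler\\", "\\temp\\")
# Assumption: hidden+system files that normally live in the XP system root.
KNOWN_ROOT_FILES = {"ntldr", "boot.ini", "ntdetect.com", "io.sys",
                    "msdos.sys", "pagefile.sys", "hiberfil.sys"}


def triage(log_text):
    """Return a list of (rule, line) pairs for DDS rows worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = AUTOSTART.match(line)
        if m:
            kind, rest = m.groups()
            low = rest.lower()
            # The Winlogon "Taskman" value is absent on a default install,
            # so any value here is reported.
            if kind == "mWinlogon" and low.startswith("taskman="):
                findings.append(("winlogon-taskman", line))
            elif any(d in low for d in ODD_DIRS):
                findings.append(("autostart-odd-dir", line))
            continue

        m = FILE_ROW.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            is_dir = attrs[0] == "d"
            hidden_system = "s" in attrs and "h" in attrs
            if is_dir or not hidden_system or not ROOT_FILE.match(path):
                continue
            name = path.rsplit("\\", 1)[1].lower()
            if name in KNOWN_ROOT_FILES:
                continue
            if name == "autorun.inf":
                findings.append(("root-autorun-inf", line))
            else:
                findings.append(("root-hidden-system-file", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"{rule:26} {line}")
```

A hit is only a prompt to inspect the file; the rules do not decide whether it is malicious.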
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 29.12.2009 at 19:14
I extract it and when I double-click, the small window pops up again: File Download - Security Warning with the buttons: Run, Save and Cancel. On the Run button a new window pops up with the caption Publisher: Unknown Publisher and the buttons Run and Don`t Run.
It cannot be installed through the Control Panel either - unfortunately.
What now?
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 29.12.2009 at 19:29
I managed to run it. I'll get back to you. Regards!
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 29.12.2009 at 19:40
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\recycler\s-1-5-21-5022025655-5243487776-667105670-1513\sysdate.exe" not found!
Deletion of file "c:\recycler\s-1-5-21-5022025655-5243487776-667105670-1513\sysdate.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\autorun.inf" not found!
Deletion of file "C:\autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\5lvjovma.sys" not found!
Deletion of file "C:\5lvjovma.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\5lvjovma" not found!
Deletion of driver "5lvjovma" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman"
Deletion of registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
 

magna86
Anti Malware Fighter

Re: Strange computer behavior - is it a virus? 29.12.2009 at 20:37
Since Kristi1 is busy, I will continue:

try to run both programs... feel free to try several times if you don't succeed at first, you can't mess anything up.
If you manage to run one of the tools, post the log, but try to run both:

..........................
1. Download the RSIT program to the Desktop
http://images.malwareremoval.com/random/RSIT.exe

run RSIT
go to Continue and when it finishes it will produce two logs:
log.txt
info.txt
(location: C:\rsit)

copy log.txt for me


...........................

Download the OTL program to the Desktop
http://oldtimer.geekstogo.com/OTL.exe

Run it, go to Run Scan

A Notepad (log) will open, which you will copy here. If it doesn't open, it should save a notepad (log) named OTL.txt on the Desktop

...........................


try to give me a fresh DDS log as well
 

djordjestojs
djordje stojsavljevic

Re: Strange computer behavior - is it a virus? 29.12.2009 at 20:52
log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by AMD at 2009-12-29 21:51:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (18%) free of 30 GB
Total RAM: 511 MB (18% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52D06F97-5511-43FA-8FDA-C481864FD26E}]
Alcohol Toolbar Helper - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-01-10 798720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2009-05-20 2085400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - Alcohol Toolbar - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-01-10 798720]
{C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - VSPopUp - C:\WINDOWS\system32\vsPop.dll [2007-02-28 299008]
{95188727-288F-4581-A48D-EAB3BD027314} - Zend Studio - C:\PROGRA~1\Zend\ZENDST~2.0\bin\ZENDIE~1.DLL [2006-11-29 188416]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2009-05-20 2085400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []
"MSI Live"=C:\Program Files\MSI\MSI Live\SetWallpaper.exe []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Acrobat Assistant 8.0"=E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"antispy"=C:\Program Files\IEAntiVirus\scan.exe []
"MySQL Data Wizard Agent"=C:\Program Files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"AdobeBridge"=C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe -stealth []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Software Informer"=C:\Program Files\Software Informer\softinfo.exe [2009-11-25 2011205]
"fsm"= []
""= []
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"PUT2VIDQLG"=C:\DOCUME~1\AMD\LOCALS~1\Temp\c.exe [2009-12-29 181760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySQL Data Wizard Agent]
C:\Program Files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll,NvStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QKSMTPServer3]
C:\PROGRA~1\QKSMTP~1\QKSmtpServer3.exe [2005-08-08 959488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SinapsiAntispam]
C:\Program Files\Sinapsi Antispam\SinapsiAntispam.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-07-11 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^Registration .LNK]
C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East - Demo\Register\RegistrationReminder.exe -d 803305 -l english -r 7 -g -c us -i []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
C:\xampp\mysql\bin\WINMYS~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\xampp\apache\bin\apache.exe"="C:\xampp\apache\bin\apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Rapid PHP 2007\rapidphp.exe"="C:\Program Files\Rapid PHP 2007\rapidphp.exe:*:Enabled:Rapid PHP 2007"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80af2674-aa8e-11dc-a9f6-000fea372d9b}]
shell\AutoRun\command - 22yj2fy1.exe
shell\open\command - 22yj2fy1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b68f396-a200-11dd-afac-000fea372d9b}]
shell\AutoRun\command - G:\yew.bat
shell\explore\command - G:\yew.bat
shell\open\command - G:\yew.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}]
shell\AuToplaY\command - G:\ojxg.exe
shell\AutoRun\command - G:\ojxg.exe
shell\eXpLOre\command - G:\ojxg.exe
shell\open\command - G:\ojxg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddcb024-54a6-11dc-a8ba-806d6172696f}]
shell\AutoRun\command - 22yj2fy1.exe
shell\open\command - 22yj2fy1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddcb025-54a6-11dc-a8ba-806d6172696f}]
shell\AutoRun\command - 22yj2fy1.exe
shell\open\command - 22yj2fy1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae829b54-6655-11dd-ae38-000fea372d9b}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91c0b20-68a1-11dd-ae48-000fea372d9b}]
shell\AutoRun\command - G:\
shell\explore\command - RECYCLER\autorun.exe -ExploreCurDir
shell\open\command - RECYCLER\autorun.exe -OpenCurDir


======File associations======

.ini - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-12-29 21:51:11 ----D---- C:\Program Files\trend micro
2009-12-29 21:51:10 ----D---- C:\rsit
2009-12-29 20:33:32 ----A---- C:\avenger.txt
2009-12-29 20:23:11 ----D---- C:\Avenger
2009-12-29 20:20:15 ----A---- C:\zip.exe
2009-12-29 20:20:15 ----A---- C:\cleanup.exe
2009-12-29 20:20:15 ----A---- C:\cleanup.bat
2009-12-29 13:48:38 ----D---- C:\32788R22FWJFW
2009-12-29 13:13:09 ----A---- C:\WINDOWS\msb.exe
2009-12-29 11:03:25 ----D---- C:\saslPrep_3968
2009-12-29 10:51:58 ----A---- C:\WINDOWS\msa.exe
2009-12-29 10:51:38 ----A---- C:\WINDOWS\system32\sshnas.dll
2009-12-29 10:07:15 ----SD---- C:\ComboFix
2009-12-29 10:07:15 ----D---- C:\WINDOWS\ERDNT
2009-12-29 10:07:14 ----A---- C:\WINDOWS\system32\CF19309.exe
2009-12-29 10:07:09 ----D---- C:\Qoobox
2009-12-27 15:28:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-27 12:24:20 ----D---- C:\Program Files\Common Files\Akamai
2009-12-25 22:44:59 ----D---- C:\Program Files\Free_Lunch_Design
2009-12-25 22:12:57 ----D---- C:\Program Files\Santa Claus in Trouble
2009-12-25 11:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-25 11:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-12-24 18:32:29 ----D---- C:\Program Files\Carambis
2009-12-24 17:54:32 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-24 17:50:25 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-24 17:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-12-24 17:49:20 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-12-24 17:47:58 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-12-24 17:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2009-12-24 17:18:48 ----D---- C:\Program Files\Common Files\LogoManager
2009-12-24 17:17:48 ----D---- C:\Program Files\MobiMB Mobile Media Browser
2009-12-24 11:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-24 11:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-12-24 11:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-24 09:56:04 ----D---- C:\Program Files\Microsoft ActiveSync
2009-12-24 09:54:26 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-24 08:21:34 ----D---- C:\Documents and Settings\AMD\Application Data\Software Informer
2009-12-24 08:21:32 ----D---- C:\Program Files\Software Informer
2009-12-24 07:59:06 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-24 07:59:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-24 07:59:06 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-24 07:51:46 ----D---- C:\Documents and Settings\AMD\Application Data\PC Suite
2009-12-24 07:51:41 ----D---- C:\Documents and Settings\AMD\Application Data\Nokia
2009-12-24 07:51:40 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-12-24 07:50:06 ----D---- C:\Program Files\Common Files\PCSuite
2009-12-24 07:49:44 ----D---- C:\Program Files\Common Files\Nokia
2009-12-24 07:48:54 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-12-24 07:48:53 ----D---- C:\Program Files\Nokia
2009-12-24 07:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-12-23 20:12:20 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-23 20:11:38 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-12-23 20:09:06 ----D---- C:\Program Files\Microsoft Sync Framework
2009-12-23 20:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-12-23 20:03:27 ----D---- C:\Program Files\Microsoft
2009-12-23 20:02:56 ----D---- C:\Program Files\Windows Live SkyDrive
2009-12-23 20:02:20 ----D---- C:\Program Files\Windows Live
2009-12-23 19:38:51 ----D---- C:\Program Files\Common Files\Windows Live
2009-12-23 19:00:35 ----D---- C:\Program Files\Conduit
2009-12-23 18:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 18:57:50 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-12-23 17:35:25 ----D---- C:\WINDOWS\ie8updates
2009-12-23 17:30:06 ----HDC---- C:\WINDOWS\ie8
2009-12-23 17:30:05 ----D---- C:\WINDOWS\system32\sr-Cyrl-CS
2009-12-23 14:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-23 14:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-23 14:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-23 14:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-23 14:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-23 14:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-23 14:12:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-23 14:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-23 14:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-23 14:11:40 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-23 14:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-23 14:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-23 14:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-23 14:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-23 14:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-23 14:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-22 19:47:57 ----D---- C:\Program Files\Xvid
2009-12-22 19:47:52 ----D---- C:\Program Files\FDRLab
2009-12-22 16:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-22 16:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-22 16:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-22 16:52:21 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-22 16:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-22 16:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-21 21:32:05 ----D---- C:\Program Files\Barbie(TM)
2009-12-21 20:12:30 ----A---- C:\WINDOWS\PRLTP_USBdrv.ini

======List of files/folders modified in the last 1 months======

2009-12-29 21:51:11 ----RD---- C:\Program Files
2009-12-29 21:48:04 ----SD---- C:\WINDOWS\Tasks
2009-12-29 21:21:15 ----D---- C:\WINDOWS\Prefetch
2009-12-29 20:36:23 ----D---- C:\WINDOWS\Temp
2009-12-29 20:33:32 ----D---- C:\WINDOWS\system32\drivers
2009-12-29 20:31:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-29 20:23:11 ----D---- C:\WINDOWS\system32
2009-12-29 20:21:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-29 16:49:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-29 13:14:20 ----D---- C:\WINDOWS
2009-12-29 11:41:20 ----D---- C:\Program Files\WinRAR
2009-12-29 10:18:05 ----HD---- C:\WINDOWS\inf
2009-12-29 10:18:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-29 10:17:37 ----SHD---- C:\WINDOWS\Installer
2009-12-29 10:17:37 ----SHD---- C:\Config.Msi
2009-12-28 18:00:40 ----D---- C:\WINDOWS\security
2009-12-28 17:54:51 ----D---- C:\WINDOWS\Registration
2009-12-27 16:20:32 ----D---- C:\My Web Sites
2009-12-27 15:30:54 ----A---- C:\WINDOWS\system32\perfmon.msc
2009-12-27 15:20:05 ----D---- C:\Documents and Settings\AMD\Application Data\Macromedia
2009-12-27 15:20:03 ----D---- C:\Program Files\Macromedia
2009-12-27 15:20:02 ----D---- C:\WINDOWS\Downloaded Installations
2009-12-27 12:24:20 ----D---- C:\Program Files\Common Files
2009-12-27 08:45:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-27 08:44:16 ----RSD---- C:\WINDOWS\assembly
2009-12-27 08:25:05 ----D---- C:\WINDOWS\system32\config
2009-12-25 17:46:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-25 17:13:54 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-25 11:47:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:46:45 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 01:51:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-24 22:06:42 ----D---- C:\WINDOWS\AppPatch
2009-12-24 17:57:26 ----D---- C:\WINDOWS\WinSxS
2009-12-24 17:49:33 ----D---- C:\Program Files\Windows Media Player
2009-12-24 17:48:20 ----D---- C:\WINDOWS\system32\Logfiles
2009-12-24 15:47:22 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-24 11:47:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-24 11:22:47 ----D---- C:\Program Files\Internet Explorer
2009-12-24 11:21:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-24 10:08:10 ----D---- C:\WINDOWS\SHELLNEW
2009-12-24 09:58:20 ----A---- C:\WINDOWS\ODBC.INI
2009-12-24 09:56:48 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 07:58:07 ----SD---- C:\Documents and Settings\AMD\Application Data\Microsoft
2009-12-24 07:51:08 ----D---- C:\Program Files\DIFX
2009-12-23 20:21:11 ----D---- C:\Program Files\Windows Live Toolbar
2009-12-23 20:11:42 ----D---- C:\Program Files\Common Files\System
2009-12-23 20:08:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-23 20:07:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-23 20:03:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 17:37:12 ----D---- C:\WINDOWS\Help
2009-12-23 17:33:42 ----D---- C:\WINDOWS\WBEM
2009-12-23 17:33:23 ----D---- C:\WINDOWS\Media
2009-12-23 17:20:11 ----D---- C:\WINDOWS\system32\en-us
2009-12-23 17:00:06 ----D---- C:\WINDOWS\ie7updates
2009-12-21 21:32:57 ----A---- C:\WINDOWS\ka.ini
2009-12-20 17:12:57 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-12-06 20:30:00 ----SHD---- C:\RECYCLER
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-02 3100160]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-02-03 10368]
R3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 a2lzuh9n;a2lzuh9n; C:\WINDOWS\system32\drivers\a2lzuh9n.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 DNSFILT;DNSFILT; \??\C:\Program Files\Atguard\DNSFILT.SYS []
S3 FWFILT;FWFILT; \??\C:\Program Files\Atguard\FWFILT.SYS []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 HTTPFILT;HTTPFILT; \??\C:\Program Files\Atguard\HTTPFILT.SYS []
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 NDISFILT;NDISFILT; \??\C:\Program Files\Atguard\NDISFILT.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-25 574808]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R2 Apache2.2;Apache2.2; E:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 552960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 mysql;mysql; E:\5.instalirani_programi\AppServ\MySQL\bin\mysqld --defaults-file=E:\50CEE~1.INS\AppServ\MySQL\my.ini mysql []
R2 NMSAccess;NMSAccess; C:\Program Files\StudioLine Photo Basic\NMSAccess.exe [2006-12-12 65536]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S2 XAMPP;XAMPP Service; C:\xampp\service.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-12-27 68096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

+16

Re: Strange computer behavior - is it a virus? 29.12.2009 at 20:56 - 174 months ago
OK... while I go through the log, read these instructions carefully:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix
and try running Combofix again from scratch (delete the old copy and download a new one as described in the instructions)

if not... keep trying to post the DDS and OTL logs

.............................................................................................................................


Just so you know, your system is in very bad shape... try to get Combofix running somehow:
before downloading the program, make sure you change its name from Combofix.exe to e.g. scanner.exe or C-F.exe

if it won't work at all.... then we'll have to try solving the problem in a much more robust way...

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Like this:


Download the AVZ program to the Desktop (AVZ Antiviral Toolkit)
http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

*extract the archive into a folder
*start AVZ by double-clicking this icon:



*in the menu choose File > Standard Scripts;
*in the window that opens, tick option 2 and click Execute Selected Scripts;
*click Yes;
*when the scan finishes you will get the notification: Script Executed;

*exit the program.

Upload the file virusinfo_syscheck.zip, located in the avz\log folder, to the forum along with your post.

[This post was edited by magna86 on 29.12.2009 at 22:23 GMT+1]
 

valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator
Member no.: 158605
Posts: 3531
*.dynamic.sbb.rs.

+553

Re: Strange computer behavior - is it a virus? 29.12.2009 at 21:21 - 174 months ago
And while magna86 goes through the log, I'd ask you not to plug any USB flash drive into your computer until further notice, because from what I saw skimming through your log, it was precisely via flash drives that "uninvited guests" reached you several times...
 
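The part of the log that shows this is the `mountpoints2` block: each volume GUID there caches `shell\...\command` verbs pointing at files on G: or inside RECYCLER. The sketch below is an added example, not part of the thread or of RSIT; it parses an excerpt copied from the RSIT log posted above, lists the volumes whose cached verbs deserve review, and decodes the `NoDriveTypeAutoRun` value from the same log. The function names and the three review heuristics are assumptions chosen for illustration.

```python
import re

# Excerpt copied verbatim from the RSIT log posted earlier in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b68f396-a200-11dd-afac-000fea372d9b}]
shell\AutoRun\command - G:\yew.bat
shell\explore\command - G:\yew.bat
shell\open\command - G:\yew.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}]
shell\AuToplaY\command - G:\ojxg.exe
shell\AutoRun\command - G:\ojxg.exe
shell\eXpLOre\command - G:\ojxg.exe
shell\open\command - G:\ojxg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae829b54-6655-11dd-ae38-000fea372d9b}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VOLUME_RE = re.compile(r"\\mountpoints2\\(?P<volume>[^\\]+)$", re.IGNORECASE)
VERB_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|bat|cmd|com|scr|pif|vbs)$", re.IGNORECASE)
DRIVE_REMOVABLE_BIT = 0x04  # NoDriveTypeAutoRun bit that covers removable drives


def parse_log(text):
    """Return (explorer policy values, {volume GUID: [(verb, command), ...]})."""
    policies, volumes = {}, {}
    key, volume = "", None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            found = VOLUME_RE.search(key)
            volume = found.group("volume") if found else None
            if volume:
                volumes.setdefault(volume, [])
            continue
        verb = VERB_RE.match(line)
        if verb and volume:
            volumes[volume].append((verb.group("verb"), verb.group("cmd").strip()))
            continue
        value = VALUE_RE.match(line)
        if value and key.lower().endswith(r"\policies\explorer"):
            policies[value.group("name")] = value.group("data").strip()
    return policies, volumes


def review_reasons(verb, cmd):
    """Illustrative heuristics (assumptions, not a complete detection rule)."""
    reasons = set()
    lowered = cmd.lower()
    if "\\recycler\\" in lowered or lowered.startswith("recycler\\"):
        reasons.add("target inside RECYCLER folder")
    if verb != verb.lower() and verb not in ("AutoRun", "AutoPlay"):
        reasons.add("oddly cased shell verb")
    if ROOT_EXE_RE.match(cmd):
        reasons.add("executable at drive root")
    return reasons


def flag_volumes(volumes):
    """Map each volume GUID with at least one hit to its sorted reasons."""
    flagged = {}
    for volume, entries in volumes.items():
        reasons = set()
        for verb, cmd in entries:
            reasons |= review_reasons(verb, cmd)
        if reasons:
            flagged[volume] = sorted(reasons)
    return flagged


def removable_autorun_enabled(policies):
    """True if the NoDriveTypeAutoRun mask leaves removable drives unblocked."""
    data = policies.get("NoDriveTypeAutoRun", "")
    if not data.isdigit():
        return None  # value absent, or not a decimal number in this log
    # This log shows 145 (0x91); the removable-drive bit 0x04 is clear.
    return not (int(data) & DRIVE_REMOVABLE_BIT)


if __name__ == "__main__":
    policies, volumes = parse_log(LOG_EXCERPT)
    for volume, reasons in flag_volumes(volumes).items():
        print(volume, "->", ", ".join(reasons))
    print("AutoRun allowed on removable drives:", removable_autorun_enabled(policies))
```

A clear removable-drive bit only means this policy value does not block AutoRun for that drive type; the flagged volumes are candidates for review, not a verdict on the files.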

magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

+16

Re: Strange computer behavior - is it a virus? 29.12.2009 at 21:22 - 174 months ago
yes... I forgot to mention that... your flash drives are infected... we'll deal with that later...

edit:

Try running Combofix from safe mode...

Either way, let us know what you did



[This post was edited by magna86 on 29.12.2009 at 22:34 GMT+1]
 

valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator
Member no.: 158605
Posts: 3531
*.dynamic.sbb.rs.

+553

Re: Strange computer behavior - is it a virus? 30.12.2009 at 01:56 - 174 months ago
If you can't manage to run what kristi1 and magna86 are suggesting at all, there are two more alternatives that come to my mind:

The first is to download one of the free AV scanners made to run directly on the infected computer - one of them is Dr.Web CureIt! and another is Sunbelt Vipre Rescue. It is advisable to start the scan from safe mode (while the computer is starting, keep pressing F8 until you get the options for choosing among several boot modes, and pick safe mode with networking so that the AV program can update itself if needed).

The second alternative is to download the ISO image of a Rescue CD on some "healthy" computer, burn it to a CD by double-clicking that ISO file, and then boot your computer from that CD. My recommendation is Dr.Web® LiveCD, then Kaspersky Rescue Disk, then anything else that's left...

Of course, let me say it once more, first try to do what kristi1 and magna86 told you, and if that doesn't work at all, then try one of these options.
 

djordjestojs
djordje stojsavljevic

Member no.: 173719
Posts: 23
93.87.182.*

Re: Strange computer behavior - is it a virus? 30.12.2009 at 12:03 - 174 months ago
Magna!
Here, I'm sending the OTL file.

OTL logfile created on: 29.12.2009 22:49:24 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\AMD\Desktop\virusi
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 188,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,40 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive D: | 41,01 Gb Total Space | 4,87 Gb Free Space | 11,86% Space Free | Partition Type: NTFS
Drive E: | 41,47 Gb Total Space | 10,13 Gb Free Space | 24,43% Space Free | Partition Type: NTFS
Drive F: | 589,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD-D7AB8F22C24
Current User Name: AMD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009.12.29 21:47:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AMD\Desktop\virusi\OTL.exe
PRC - [2009.12.29 10:53:05 | 00,182,784 | ---- | M] () -- C:\WINDOWS\msb.exe
PRC - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.05.19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008.06.02 16:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008.02.13 11:00:20 | 07,336,576 | ---- | M] () -- E:\5.instalirani_programi\AppServ\MySQL\bin\mysqld.exe
PRC - [2008.01.17 18:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- E:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe
PRC - [2007.09.25 09:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007.05.28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2006.12.12 12:47:26 | 00,065,536 | ---- | M] () -- C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
PRC - [2006.11.21 18:39:48 | 01,118,720 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006.02.28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004.08.03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.08.23 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe


========== Modules (SafeList) ==========

MOD - [2009.12.29 21:47:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AMD\Desktop\virusi\OTL.exe
MOD - [2004.08.03 23:57:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:56:44 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004.08.03 23:56:38 | 02,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - File not found [Auto | Stopped] -- -- (PHPGeekUtil)
SRV - [2009.12.29 10:51:40 | 00,229,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009.12.27 12:24:45 | 02,431,024 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3629.dll -- (Akamai)
SRV - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.10.27 09:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.01.01 10:05:11 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.06.02 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008.06.02 16:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008.02.13 11:00:20 | 07,336,576 | ---- | M] () [Auto | Running] -- E:\5.instalirani_programi\AppServ\MySQL\bin\mysqld.exe -- (mysql)
SRV - [2008.01.17 18:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- E:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2007.12.27 22:59:01 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007.09.25 09:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.05.28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.03.20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006.12.12 12:47:26 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\StudioLine Photo Basic\NMSAccess.exe -- (NMSAccess)
SRV - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.02.28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004.08.03 23:56:46 | 00,064,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)


========== Driver Services (SafeList) ==========

DRV - [2009.11.25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.08.05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.08.26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008.06.02 19:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.02.06 02:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007.02.03 10:55:42 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007.01.10 21:43:46 | 00,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006.04.24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.04.14 19:09:06 | 00,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.04.14 19:09:04 | 00,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.07.25 10:04:08 | 00,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005.03.09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.12.22 10:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 23:41:36 | 00,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004.08.03 22:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.03 22:02:24 | 00,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2004.08.03 21:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP)
DRV - [2004.08.03 21:41:56 | 00,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004.08.03 21:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf)
DRV - [2004.08.03 21:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2)
DRV - [2004.07.17 10:36:38 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001.08.23 12:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 12:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search...rms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 6F DA 0F 71 84 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/Resu...chSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1708250&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.16
FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {6b7b8cf5-e00a-49be-ab7d-f9a89053d40c}:2.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.723
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {3c9761ad-a43d-4447-b924-f5d83cb48063}:2.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.12.24 07:50:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009.12.24 17:54:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Browsers\Mozilla\components [2009.07.11 17:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Browsers\Mozilla\plugins [2009.12.18 23:21:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.12.25 17:13:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.12.25 17:13:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Browsers\Netscape\components [2009.07.11 17:16:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Browsers\Netscape\plugins [2009.12.18 23:21:35 | 00,000,000 | ---D | M]

[2008.12.30 12:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Mozilla\Extensions
[2008.12.30 12:02:51 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AMD\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009.12.26 02:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions
[2008.08.01 14:00:47 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
[2009.12.25 22:44:58 | 00,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2008.12.06 21:10:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{6b7b8cf5-e00a-49be-ab7d-f9a89053d40c}
[2009.07.03 21:32:54 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.12.26 02:04:13 | 00,000,557 | ---- | M] () -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\searchplugins\bing.xml
[2009.05.31 18:45:28 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\searchplugins\conduit.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Alcohol Toolbar Helper) - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Alcohol Toolbar) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O3 - HKLM\..\Toolbar: (VSPopUp) - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll (VS INFORMATICA)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Alcohol Toolbar) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Alcohol Toolbar) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VSPopUp) - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll (VS INFORMATICA)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe File not found
O4 - HKCU..\Run: [antispy] C:\Program Files\IEAntiVirus\scan.exe File not found
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [MySQL Data Wizard Agent] C:\Program Files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PUT2VIDQLG] C:\Documents and Settings\AMD\Local Settings\Temp\c.exe ()
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\AMD\Application Data\RssBandit\iecontext_subscribebandit.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6...tall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com...ockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.01.24 22:01:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.12.22 13:48:22 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.12.22 13:48:22 | 00,000,063 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{80af2674-aa8e-11dc-a9f6-000fea372d9b}\Shell\AutoRun\command - "" = 22yj2fy1.exe
O33 - MountPoints2\{80af2674-aa8e-11dc-a9f6-000fea372d9b}\Shell\open\Command - "" = 22yj2fy1.exe
O33 - MountPoints2\{8b68f396-a200-11dd-afac-000fea372d9b}\Shell\AutoRun\command - "" = G:\yew.bat -- File not found
O33 - MountPoints2\{8b68f396-a200-11dd-afac-000fea372d9b}\Shell\explore\Command - "" = G:\yew.bat -- File not found
O33 - MountPoints2\{8b68f396-a200-11dd-afac-000fea372d9b}\Shell\open\Command - "" = G:\yew.bat -- File not found
O33 - MountPoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}\Shell\AuToplaY\commAnD - "" = G:\ojxg.exe -- File not found
O33 - MountPoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}\Shell\AutoRun\command - "" = G:\ojxg.exe -- File not found
O33 - MountPoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}\Shell\eXpLOre\CoMmAnD - "" = G:\ojxg.exe -- File not found
O33 - MountPoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}\Shell\open\coMmand - "" = G:\ojxg.exe -- File not found
O33 - MountPoints2\{9ddcb024-54a6-11dc-a8ba-806d6172696f}\Shell\AutoRun\command - "" = 22yj2fy1.exe
O33 - MountPoints2\{9ddcb024-54a6-11dc-a8ba-806d6172696f}\Shell\open\Command - "" = 22yj2fy1.exe
O33 - MountPoints2\{9ddcb025-54a6-11dc-a8ba-806d6172696f}\Shell\AutoRun\command - "" = 22yj2fy1.exe
O33 - MountPoints2\{9ddcb025-54a6-11dc-a8ba-806d6172696f}\Shell\open\Command - "" = 22yj2fy1.exe
O33 - MountPoints2\{ae829b54-6655-11dd-ae38-000fea372d9b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{ae829b54-6655-11dd-ae38-000fea372d9b}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{d91c0b20-68a1-11dd-ae48-000fea372d9b}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{d91c0b20-68a1-11dd-ae48-000fea372d9b}\Shell\explore\Command - "" = RECYCLER\autorun.exe -ExploreCurDir
O33 - MountPoints2\{d91c0b20-68a1-11dd-ae48-000fea372d9b}\Shell\open\Command - "" = RECYCLER\autorun.exe -OpenCurDir
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.29 21:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009.12.29 21:51:10 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.29 21:47:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Desktop\virusi
[2009.12.29 20:23:11 | 00,000,000 | ---D | C] -- C:\Avenger
[2009.12.29 13:48:38 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009.12.29 11:40:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Local Settings\Application Data\WinZip
[2009.12.29 11:03:25 | 00,000,000 | ---D | C] -- C:\saslPrep_3968
[2009.12.29 10:07:15 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009.12.29 10:07:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.29 10:07:14 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19309.exe
[2009.12.29 10:07:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.27 15:28:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009.12.27 15:25:43 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AMD\IECompatCache
[2009.12.27 12:24:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2009.12.25 22:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Local Settings\Application Data\Free_Lunch_Design
[2009.12.25 22:44:59 | 00,000,000 | ---D | C] -- C:\Program Files\Free_Lunch_Design
[2009.12.25 22:12:57 | 00,000,000 | ---D | C] -- C:\Program Files\Santa Claus in Trouble
[2009.12.24 22:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.12.24 18:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\Carambis
[2009.12.24 18:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Local Settings\Application Data\Nokia
[2009.12.24 18:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Local Settings\Application Data\NokiaAccount
[2009.12.24 17:54:44 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009.12.24 17:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2009.12.24 17:50:25 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009.12.24 17:48:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009.12.24 17:46:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009.12.24 17:18:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogoManager
[2009.12.24 17:17:48 | 00,000,000 | ---D | C] -- C:\Program Files\MobiMB Mobile Media Browser
[2009.12.24 09:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009.12.24 09:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009.12.24 08:21:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Application Data\Software Informer
[2009.12.24 08:21:32 | 00,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2009.12.24 07:59:06 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009.12.24 07:59:06 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009.12.24 07:51:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Application Data\PC Suite
[2009.12.24 07:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Application Data\Nokia
[2009.12.24 07:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.12.24 07:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2009.12.24 07:49:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2009.12.24 07:48:54 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2009.12.24 07:48:53 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2009.12.24 07:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.12.23 20:12:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009.12.23 20:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009.12.23 20:10:57 | 00,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2009.12.23 20:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009.12.23 20:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009.12.23 20:02:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009.12.23 20:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009.12.23 19:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009.12.23 19:00:35 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009.12.23 19:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AMD\Local Settings\Application Data\Conduit
[2009.12.23 18:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009.12.23 18:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009.12.23 17:41:27 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AMD\PrivacIE
[2009.12.23 17:37:43 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\AMD\IETldCache
[2009.12.23 17:35:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009.12.23 17:30:06 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009.12.23 17:30:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sr-Cyrl-CS
[2009.12.22 19:47:57 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009.12.22 19:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\FDRLab
[2009.12.22 19:25:02 | 00,048,640 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2009.12.22 18:28:43 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009.12.22 18:28:43 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009.12.21 21:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)
[2009.08.25 14:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Opera
[2009.08.25 14:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2009.01.10 22:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008.08.14 20:41:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.01.17 20:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007.10.09 19:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2007.02.03 10:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007.02.03 10:24:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2001.01.14 10:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009.12.29 22:50:10 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009.12.29 22:26:18 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009.12.29 20:36:28 | 00,002,227 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009.12.29 20:34:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.29 20:33:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.29 20:32:15 | 19,136,512 | -H-- | M] () -- C:\Documents and Settings\AMD\NTUSER.DAT
[2009.12.29 20:31:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\AMD\ntuser.ini
[2009.12.29 20:30:29 | 00,026,386 | ---- | M] () -- C:\backup.reg
[2009.12.29 20:30:28 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009.12.29 20:30:28 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009.12.29 20:30:28 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009.12.29 17:20:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.12.29 16:49:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.29 12:34:15 | 02,113,014 | -H-- | M] () -- C:\Documents and Settings\AMD\Local Settings\Application Data\IconCache.db
[2009.12.29 11:42:47 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Prečica do WinRAR.lnk
[2009.12.29 10:53:05 | 00,182,784 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009.12.29 10:51:50 | 00,182,784 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009.12.29 10:51:40 | 00,229,888 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009.12.29 10:07:03 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19309.exe
[2009.12.28 13:20:12 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\TC Professional.lnk
[2009.12.28 10:04:38 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Word 2003.lnk
[2009.12.27 15:30:54 | 00,058,273 | ---- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2009.12.27 10:36:56 | 00,203,264 | ---- | M] () -- C:\Documents and Settings\AMD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 09:36:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.25 20:56:33 | 00,113,064 | ---- | M] () -- C:\Documents and Settings\AMD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.12.25 20:52:49 | 02,574,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.25 11:46:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.12.24 18:33:58 | 00,005,048 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009.12.24 17:49:42 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009.12.24 17:48:33 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009.12.24 11:47:06 | 00,441,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.24 11:47:05 | 00,520,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.24 11:47:05 | 00,069,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.24 11:43:23 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Access 2003.lnk
[2009.12.24 09:58:20 | 00,000,567 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009.12.23 20:05:33 | 00,000,891 | ---- | M] () -- C:\Documents and Settings\AMD\My Documents\My Sharing Folders.lnk
[2009.12.23 19:37:57 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009.12.23 17:40:08 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Internet Explorer.lnk
[2009.12.22 19:47:55 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\save2pc Light.lnk
[2009.12.22 18:36:58 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009.12.22 18:28:43 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.12.22 16:52:21 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.21 21:32:57 | 00,000,371 | ---- | M] () -- C:\WINDOWS\ka.ini
[2009.12.21 20:12:30 | 00,000,126 | ---- | M] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2009.12.21 11:49:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009.12.21 11:49:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009.12.20 23:51:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009.12.20 23:51:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009.12.20 20:21:09 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009.12.20 20:21:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009.12.20 15:12:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009.12.20 15:12:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009.12.19 23:09:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009.12.19 23:09:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009.12.19 13:45:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009.12.19 13:45:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009.12.19 00:25:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009.12.19 00:25:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009.12.18 23:18:57 | 00,002,583 | ---- | M] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Excel 2003.lnk
[2009.12.18 20:16:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009.12.18 20:16:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009.12.18 13:32:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009.12.18 13:32:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009.12.18 00:15:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009.12.18 00:15:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009.12.17 20:32:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009.12.17 20:32:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009.12.17 11:12:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009.12.17 11:12:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009.12.16 23:16:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009.12.16 23:16:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009.12.16 13:21:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009.12.16 13:21:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009.12.16 00:08:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009.12.16 00:08:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009.12.15 13:30:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009.12.15 13:30:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009.12.14 23:30:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009.12.14 23:30:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009.12.14 13:12:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009.12.14 13:12:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009.12.13 23:13:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009.12.13 23:13:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009.12.13 20:20:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009.12.13 20:20:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009.12.29 20:20:16 | 00,026,386 | ---- | C] () -- C:\backup.reg
[2009.12.29 20:20:15 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009.12.29 20:20:15 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009.12.29 20:20:15 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009.12.29 13:13:09 | 00,182,784 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009.12.29 11:42:47 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Prečica do WinRAR.lnk
[2009.12.29 10:52:00 | 00,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009.12.29 10:51:58 | 00,182,784 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009.12.29 10:51:51 | 00,000,236 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009.12.29 10:51:38 | 00,229,888 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009.12.28 13:20:12 | 00,001,720 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\TC Professional.lnk
[2009.12.24 18:33:58 | 00,005,048 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009.12.24 17:48:33 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009.12.24 11:43:23 | 00,002,483 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Access 2003.lnk
[2009.12.23 19:37:57 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009.12.23 19:37:56 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009.12.23 17:40:08 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Internet Explorer.lnk
[2009.12.22 19:47:58 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009.12.22 19:47:55 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\save2pc Light.lnk
[2009.12.22 18:36:58 | 00,002,495 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009.12.22 16:52:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.21 20:12:30 | 00,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2009.12.18 23:19:36 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Word 2003.lnk
[2009.12.18 23:18:57 | 00,002,583 | ---- | C] () -- C:\Documents and Settings\AMD\Desktop\Microsoft Office Excel 2003.lnk
[2009.03.05 22:54:36 | 00,000,218 | ---- | C] () -- C:\WINDOWS\TDW.INI
[2009.03.05 22:54:36 | 00,000,176 | ---- | C] () -- C:\WINDOWS\BPW.INI
[2009.01.30 16:51:48 | 00,004,869 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vjgbkfiu.iik
[2009.01.06 11:16:28 | 00,013,360 | ---- | C] () -- C:\Documents and Settings\AMD\Application Data\WebBuilder.prf
[2009.01.02 11:17:57 | 00,000,028 | ---- | C] () -- C:\WINDOWS\PSetup.ini
[2008.12.13 18:03:02 | 00,009,557 | ---- | C] () -- C:\WINDOWS\PlantStudio2.ini
[2008.10.24 14:25:15 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008.10.22 14:30:35 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008.10.06 15:36:34 | 00,476,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
[2008.10.06 15:26:25 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.10.06 15:26:25 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\24707126AF.sys
[2008.09.30 08:15:05 | 00,000,071 | ---- | C] () -- C:\WINDOWS\md_dte.dll
[2008.09.08 20:18:12 | 00,002,123 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008.08.31 14:57:18 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008.08.12 17:16:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\vspopup.dll
[2008.07.18 04:59:45 | 00,002,444 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2008.07.15 18:49:32 | 00,749,568 | ---- | C] () -- C:\WINDOWS\System32\swfgen.dll
[2008.07.14 21:39:39 | 00,255,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008.07.14 20:59:14 | 00,005,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uzvyslhl.frr
[2008.07.10 08:38:05 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2008.06.06 16:16:13 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008.05.08 10:15:34 | 00,043,381 | ---- | C] () -- C:\WINDOWS\php.ini
[2008.05.07 20:17:10 | 02,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2008.02.05 20:23:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2008.01.23 21:21:31 | 00,000,112 | ---- | C] () -- C:\Documents and Settings\AMD\Application Data\msdreg.dat
[2007.12.28 21:30:58 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.12.22 19:08:51 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2007.12.21 14:03:57 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007.12.17 12:07:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Hooks.dll
[2007.10.05 21:08:23 | 00,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007.09.05 18:57:19 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2007.09.04 11:35:02 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.03 15:28:26 | 00,203,264 | ---- | C] () -- C:\Documents and Settings\AMD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.03 13:38:13 | 00,000,504 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.02.03 11:19:17 | 00,000,567 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.02.03 11:03:00 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.02.03 11:03:00 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.02.03 11:03:00 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.03 11:02:58 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.02.03 11:02:58 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.02.03 10:58:47 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2007.01.16 09:47:53 | 00,001,419 | ---- | C] () -- C:\WINDOWS\dreamcoder_mysql.INI
[2007.01.13 17:35:22 | 00,000,371 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007.01.11 20:20:50 | 00,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007.01.10 21:43:46 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.08.25 16:07:16 | 00,002,058 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM2.DLL
[2006.08.05 02:13:32 | 00,002,519 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
[2006.05.02 23:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005.06.11 10:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004.07.17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 15:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.02.08 03:20:20 | 00,002,063 | ---- | C] () -- C:\WINDOWS\System32\my.ini
[2001.09.19 21:52:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2001.08.16 19:04:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ming.dll
[2001.07.26 20:44:38 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2001.07.23 13:20:20 | 00,252,768 | ---- | C] () -- C:\WINDOWS\System32\capicom.dll
[2001.05.16 23:17:04 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001.05.16 23:16:30 | 00,860,160 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001.01.29 17:04:42 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2001.01.29 16:41:45 | 00,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1MŠ13.sys
[2001.01.29 16:29:32 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Mapedit.ini
[2001.01.24 22:01:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WebSubmit.INI
[2001.01.24 22:01:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
[2000.10.22 19:26:44 | 00,438,334 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2000.10.22 05:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\libsasl.dll
[2000.10.07 07:41:10 | 00,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2000.09.27 02:28:20 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2000.08.24 19:44:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2000.08.24 19:44:08 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[1999.05.24 12:26:42 | 00,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1997.09.08 01:13:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll

[color=#E56717]========== LOP Check ==========[/color]

[2001.01.24 22:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2007.02.03 10:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008.12.07 17:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2008.12.30 14:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2009.01.06 11:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Devart
[2008.08.12 15:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EwisoftWeb
[2008.02.19 17:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\files comnon
[2009.12.24 07:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008.02.18 21:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeKSoft
[2009.12.24 17:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009.12.23 18:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009.12.24 07:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008.12.30 14:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2001.01.24 23:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008.06.20 14:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REL Software
[2007.01.09 22:48:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.09.07 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2008.12.30 13:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007.02.03 10:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\ACD Systems
[2008.12.14 23:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Agelong Tree
[2008.12.13 17:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Ambient Design
[2008.04.28 19:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Aptana
[2001.01.29 17:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Artweaver
[2009.01.02 11:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\BarbieIP
[2007.12.19 19:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\blaxxun interactive
[2007.01.14 15:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Blumentals
[2009.07.08 22:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\BSplayer Pro
[2008.07.24 17:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Cayoren
[2009.03.16 11:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\com.adobe.ExMan
[2009.01.06 11:14:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Devart
[2008.07.15 18:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Electrum
[2008.04.28 12:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\EndNote
[2008.07.19 10:04:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\FDRLab
[2008.03.20 22:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Flock
[2009.02.06 17:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\gnupg
[2008.09.29 16:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\iComment
[2001.01.29 17:18:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Inkscape
[2007.10.09 19:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\iolo
[2008.12.27 15:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\ITTNord
[2008.10.18 22:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Leadertech
[2007.12.22 21:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\LuckaSoft
[2008.07.19 09:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Micro-Sys
[2008.01.23 21:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\MSDict
[2000.02.25 19:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\MSNInstaller
[2009.01.07 22:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\MySQL
[2007.10.07 15:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Netscape
[2009.12.24 18:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Nokia
[2008.12.30 11:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Opera
[2009.12.24 07:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\PC Suite
[2007.10.06 17:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\PCToolsFirewallPlus
[2008.02.05 20:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\PHP Designer 2007
[2008.12.30 14:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\PKWARE
[2001.01.24 23:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\PlayFirst
[2008.06.20 14:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\REL Software
[2009.06.01 14:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\RssBandit
[2008.08.18 11:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\scriptocean
[2009.07.08 22:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Smart PC Solutions
[2009.12.27 15:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Software Informer
[2008.03.18 21:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\SQL Maestro Group
[2008.12.13 16:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\SQL-Front
[2008.10.09 17:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Star-Tools
[2009.01.01 12:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Subversion
[2008.12.27 21:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Thunderbird
[2008.06.10 13:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Tonbrand
[2008.12.30 13:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Uniblue
[2008.10.07 08:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\X-Chat 2
[2001.01.29 15:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AMD\Application Data\Xara
[2009.12.29 22:50:10 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009.12.29 22:26:18 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2007.10.05 21:10:01 | 00,000,013 | -H-- | M] ()(C:\Documents and Settings\All Users\Application Data\?113.›sys) -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2007.10.05 21:10:01 | 00,000,013 | -H-- | C] ()(C:\Documents and Settings\All Users\Application Data\?113.›sys) -- C:\Documents and Settings\All Users\Application Data\˜113.›sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 156 bytes -> C:\Documents a
 

acoobradovic

Member number: 65293
Posts: 133
*.crnagora.net.

+1

Re: Strange computer behavior - is it a virus? 30.12.2009 at 13:25 - 174 months ago
If ComboFix cannot be started, rename it and copy the original name, run the renamed application, and when the "little worms" run out and the blue window appears, restore the original name ComboFix with rename/paste. That way it should get through and deal with the malware that is blocking it from starting. Try it several times; it always works for me.
 

djordjestojs
djordje stojsavljevic

Member number: 173719
Posts: 23
93.87.182.*

Re: Strange computer behavior - is it a virus? 30.12.2009 at 14:13 - 174 months ago
Here is the ComboFix report, from the file ComboFix.txt:
ComboFix 09-12-29.05 - AMD 30.12.2009 14:41:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.278 [GMT 1:00]
Running from: C:\Documents and Settings\AMD\Desktop\virusi\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
C:\data
C:\DOCUME~1\AMD\LOCALS~1\Temp\sshnas.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\AMD\Local Settings\Temporary Internet Files\MF14593ED.gif
C:\Documents and Settings\AMD\Local Settings\Temporary Internet Files\SF0ED.gif
C:\RECYCLER\S-1-5-21-5022025655-5243487776-667105670-1513
C:\RECYCLER\S-1-5-21-7447616189-6156694743-577924888-6520
C:\RECYCLER\S-1-5-21-8970895981-6549857589-034862723-1918
C:\WINDOWS\msa.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\sshnas.dll
C:\WINDOWS\system32\vspopup.dll
C:\WINDOWS\system32\Y14L8iyF.exe.a_a
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
D:\autorun.inf
E:\autorun.inf

----- BITS: Possible infected sites -----

hxxp://nds1.nokia.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_AVPsys
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-29 20:51:11 . 2009-12-29 20:51:15 -------- d-----w- C:\Program Files\trend micro
2009-12-29 20:51:10 . 2009-12-29 20:51:23 -------- d-----w- C:\rsit
2009-12-29 19:20:16 . 2009-12-29 19:30:29 26386 ----a-w- C:\backup.reg
2009-12-29 19:20:15 . 2009-12-29 19:30:28 574 ----a-w- C:\cleanup.bat
2009-12-29 19:20:15 . 2009-12-29 19:30:28 135168 ----a-w- C:\zip.exe
2009-12-29 10:40:16 . 2009-12-29 10:40:16 -------- d-----w- C:\Documents and Settings\AMD\Local Settings\Application Data\WinZip
2009-12-29 10:03:25 . 2009-12-29 10:03:25 -------- d-----w- C:\saslPrep_3968
2009-12-29 09:07:14 . 2009-12-29 09:07:03 388608 ----a-w- C:\WINDOWS\system32\CF19309.exe
2009-12-27 14:28:25 . 2009-12-28 16:54:36 -------- d-----w- C:\WINDOWS\system32\NtmsData
2009-12-27 14:25:43 . 2009-12-27 14:25:43 -------- d-sh--w- C:\Documents and Settings\AMD\IECompatCache
2009-12-27 11:24:20 . 2009-12-30 13:57:01 -------- d-----w- C:\Program Files\Common Files\Akamai
2009-12-25 21:45:01 . 2009-12-26 09:01:48 -------- d-----w- C:\Documents and Settings\AMD\Local Settings\Application Data\Free_Lunch_Design
2009-12-25 21:44:59 . 2009-12-25 21:45:03 -------- d-----w- C:\Program Files\Free_Lunch_Design
2009-12-25 21:12:57 . 2009-12-25 21:12:59 -------- d-----w- C:\Program Files\Santa Claus in Trouble
2009-12-24 17:32:29 . 2009-12-27 07:45:08 -------- d-----w- C:\Program Files\Carambis
2009-12-24 17:01:57 . 2009-12-24 17:01:57 -------- d-----w- C:\Documents and Settings\AMD\Local Settings\Application Data\Nokia
2009-12-24 17:01:42 . 2009-12-24 17:01:42 -------- d-----w- C:\Documents and Settings\AMD\Local Settings\Application Data\NokiaAccount
2009-12-24 16:54:44 . 2008-08-26 08:26:12 18816 ----a-w- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2009-12-24 16:54:32 . 2009-12-24 16:54:38 -------- d-----w- C:\Program Files\PC Connectivity Solution
2009-12-24 16:48:20 . 2009-12-24 16:49:34 -------- d-----w- C:\WINDOWS\system32\drivers\UMDF
2009-12-24 16:46:05 . 2009-12-24 16:46:05 -------- d-----w- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2009-12-24 16:18:48 . 2009-12-24 16:18:51 -------- d-----w- C:\Program Files\Common Files\LogoManager
2009-12-24 16:17:48 . 2009-12-24 16:18:54 -------- d-----w- C:\Program Files\MobiMB Mobile Media Browser
2009-12-24 10:19:15 . 2009-12-24 10:19:15 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2009-12-24 08:56:04 . 2009-12-24 08:56:04 -------- d-----w- C:\Program Files\Microsoft ActiveSync
2009-12-24 07:40:42 . 2009-10-29 07:45:38 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2009-12-24 07:40:42 . 2009-10-29 07:45:34 246272 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-12-24 07:21:34 . 2009-12-27 14:04:23 -------- d-----w- C:\Documents and Settings\AMD\Application Data\Software Informer
2009-12-24 07:21:32 . 2009-12-24 07:21:34 -------- d-----w- C:\Program Files\Software Informer
2009-12-24 06:59:06 . 2009-08-06 18:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
2009-12-24 06:59:06 . 2009-08-06 18:23:46 215920 ----a-w- C:\WINDOWS\system32\muweb.dll
2009-12-24 06:51:46 . 2009-12-24 06:51:46 -------- d-----w- C:\Documents and Settings\AMD\Application Data\PC Suite
2009-12-24 06:51:41 . 2009-12-24 17:02:04 -------- d-----w- C:\Documents and Settings\AMD\Application Data\Nokia
2009-12-24 06:51:40 . 2009-12-24 06:51:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-12-24 06:50:06 . 2009-12-24 06:50:06 -------- d-----w- C:\Program Files\Common Files\PCSuite
2009-12-24 06:49:44 . 2009-12-24 16:56:40 -------- d-----w- C:\Program Files\Common Files\Nokia
2009-12-24 06:48:54 . 2009-10-06 10:52:36 91136 ----a-w- C:\WINDOWS\system32\nmwcdcls.dll
2009-12-24 06:48:53 . 2009-12-24 16:54:52 -------- d-----w- C:\Program Files\Nokia
2009-12-24 06:44:52 . 2009-12-24 06:45:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Installations
2009-12-23 19:12:20 . 2009-12-24 10:40:19 -------- d-----w- C:\Program Files\Microsoft Silverlight
2009-12-23 19:11:38 . 2009-12-23 19:11:42 -------- d-----w- C:\Program Files\Microsoft Office Outlook Connector
2009-12-23 19:10:57 . 2009-08-05 21:48:42 54752 ----a-w- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
2009-12-23 19:09:06 . 2009-12-23 19:09:06 -------- d-----w- C:\Program Files\Microsoft Sync Framework
2009-12-23 19:09:03 . 2009-12-23 19:09:03 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2009-12-23 19:03:27 . 2009-12-23 19:03:27 -------- d-----w- C:\Program Files\Microsoft
2009-12-23 19:02:56 . 2009-12-23 19:02:56 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2009-12-23 19:02:20 . 2009-12-23 19:10:53 -------- d-----w- C:\Program Files\Windows Live
2009-12-23 18:38:51 . 2009-12-23 18:38:51 -------- d-----w- C:\Program Files\Common Files\Windows Live
2009-12-23 18:00:35 . 2009-12-23 18:00:35 -------- d-----w- C:\Program Files\Conduit
2009-12-23 18:00:35 . 2009-12-23 18:00:35 -------- d-----w- C:\Documents and Settings\AMD\Local Settings\Application Data\Conduit
2009-12-23 17:59:25 . 2009-12-23 17:59:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 17:57:50 . 2009-12-23 17:57:50 -------- d-----w- C:\Program Files\PC Drivers HeadQuarters
2009-12-23 16:41:27 . 2009-12-23 16:41:48 -------- d-sh--w- C:\Documents and Settings\AMD\PrivacIE
2009-12-23 16:37:43 . 2009-12-23 16:37:43 -------- d-sh--w- C:\Documents and Settings\AMD\IETldCache
2009-12-23 16:35:25 . 2009-12-24 10:22:27 -------- d-----w- C:\WINDOWS\ie8updates
2009-12-23 16:30:06 . 2009-12-23 16:34:24 -------- dc-h--w- C:\WINDOWS\ie8
2009-12-23 16:30:05 . 2009-12-23 16:33:41 -------- d-----w- C:\WINDOWS\system32\sr-Cyrl-CS
2009-12-23 16:26:12 . 2009-10-02 04:44:07 92160 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-12-23 13:11:40 . 2004-08-03 22:56:48 221184 ----a-w- C:\WINDOWS\system32\wmpns.dll
2009-12-22 18:47:57 . 2009-12-22 18:47:59 -------- d-----w- C:\Program Files\Xvid
2009-12-22 18:47:52 . 2009-12-22 18:47:52 -------- d-----w- C:\Program Files\FDRLab
2009-12-22 18:25:02 . 2005-07-25 09:04:08 48640 ----a-w- C:\WINDOWS\system32\drivers\ser2pl.sys
2009-12-22 17:28:43 . 2009-11-24 23:50:12 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-12-22 17:28:43 . 2009-11-24 23:50:00 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-12-21 20:32:05 . 2009-12-21 20:32:05 -------- d-----w- C:\Program Files\Barbie(TM)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
 