Posted: 03 Mar 2012 17:40
Hello. You fixed my computer for me over the summer, and now I have a problem again. For the past four or five days my computer has been freezing, regardless of whether the internet is connected or not, and it is getting worse and worse. I can't open any folder; I wait and wait, it freezes, and even the icon for the Avast antivirus program, which always spins, does not spin. When it does open something, I again can't open a folder inside it; I wait and wait, and sometimes it reports "Not Responding". The same goes for web pages. When I want to scroll through a Word document, it stutters or stops, and then suddenly jumps to the end. My computer did not use to work like this. Just now it barely managed to run the programs so that I could attach everything on this page. I have Avast antivirus 6 and ADSL internet with a throughput of 4. I scanned the computer to see whether it is a virus, and it says there are no viruses. I use Windows XP. I also tried turning off the antivirus program, hoping that maybe it was slowing the computer down since it is constantly updating, but the computer behaves the same. When a window appears and I try to move it, the old one stays in place and another one appears (it has actually been moved, but it looks as if I had opened two). I haven't deleted anything, I mean drivers. By the way, my brother is on Facebook all the time. Please help, I think my system is going to crash.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by kris at 16:29:46 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.512.207 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
C:\Program Files\Autorun Eater\billy.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Bandoo\Bandoo.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
uSearch Page =
uSearch Bar =
mStart Page = hxxp://home.allgameshome.com/
mSearchAssistant =
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Chatvibes Browser Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\window~4\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll
TB: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DATAMNGR] c:\progra~1\window~4\datamngr\DATAMN~1.EXE
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\kris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78} : DhcpNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
AppInit_DLLs: protector.dll c:\progra~1\bandoo\bndhook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-1 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-1 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-1 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-1 44768]
R2 bProtector;bProtector;c:\documents and settings\all users\application data\bprotector\bProtect.exe [2012-2-28 773624]
R2 IBUpdaterService;InstallBrain Updater Service;c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe [2012-2-28 314808]
S2 gupdate;Google ажурирање услуга (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
S3 gupdatem;Google ажурирање услуга (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
.
=============== Created Last 30 ================
.
2012-03-01 11:44:24 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:43:44 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 12:28:15 790520 ----a-w- c:\windows\system32\protector.dll
2012-02-28 12:28:14 -------- d-----w- c:\documents and settings\all users\application data\bProtector
2012-02-28 12:27:39 -------- d-----w- c:\documents and settings\all users\application data\IBUpdaterService
2012-02-28 12:25:28 -------- d-----w- c:\program files\GRETECH
2012-02-17 08:07:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-15 09:49:18 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 09:49:18 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 07:50:28 -------- d-----w- c:\documents and settings\kris\local settings\application data\blekkotb
2012-02-09 07:50:16 -------- d-----w- c:\program files\Red Light Green Light
2012-02-09 07:50:08 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-02-09 07:49:56 -------- d-----w- c:\documents and settings\kris\application data\blekkotb
2012-02-09 07:49:41 -------- d-----w- c:\program files\blekkotb
.
==================== Find3M ====================
.
2012-02-21 21:25:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 08:06:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-11 09:06:55 566784 ----a-w- c:\windows\~de74bc.tmp
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-09-03 18:36:20 4676944 ----a-w- c:\program files\a3gpset.exe
.
============= FINISH: 16:30:43,35 ===============
I am attaching Gamer 1
Posted: 07 Mar 2012 11:10
THANK YOU so much for replying!!!
I did as you said; here is the report.
OTL logfile created on: 6.3.2012 12:53:23 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\kris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy
511,53 Mb Total Physical Memory | 227,27 Mb Available Physical Memory | 44,43% Memory free
1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,42% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 14,82 Gb Free Space | 39,77% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 14,66 Gb Free Space | 75,09% Space Free | Partition Type: FAT32
Drive E: | 19,52 Gb Total Space | 2,24 Gb Free Space | 11,46% Space Free | Partition Type: FAT32
Computer Name: LAV | User Name: kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
PRC - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
PRC - [2012.02.09 08:11:59 | 000,648,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012.01.27 18:07:06 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012.01.17 20:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011.12.16 07:55:44 | 000,187,696 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.06 18:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010.05.06 17:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2012.03.06 08:01:21 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030600\algo.dll
MOD - [2012.03.04 18:51:12 | 001,721,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030401\algo.dll
MOD - [2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.02.21 22:25:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.08.07 12:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
MOD - [2004.01.22 17:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe -- (bProtector)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.05.11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.21 21:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.06.29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.07.02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [1997.04.22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.allgameshome.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}: "URL" = home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = searchqu.com/web?src=ieb&appid=113&.....r=0&q={searchTerms}
IE - HKLM\..\SearchScopes\Yandex: "URL" = yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = search.babylon.com/?AF=110395&babsrc=HP.....0c6ee9581e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = home.allgameshome.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.babylon.com/?AF=110395&babsrc=HP.....0c6ee9581e
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=PV&apn_dtid=YYYYYYYYRS&apn_uid=E28614DF-1237-4894-8CF7-5C7B5FB6DB64&apn_sauid=F3178448-47D5-4701-8179-A6D7734BE65F
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = blekko.com/?source=c3348dd4&tbp=rbox&am.....A5D&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = searchqu.com/web?src=ieb&appid=113&.....r=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{B920E11C-ECE3-4BB0-9E43-BD4532CD88FA}: "URL" = websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM5RS&apn_uid=2A247669-5B56-4BD1-9898-28E235D95625&apn_sauid=66E8BE8B-CD79-499F-A8C6-37FDA6BA322A
IE - HKCU\..\SearchScopes\Moikrug: "URL" = moikrug.ru/persons/?clid=124993&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012.03.06 12:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2011.10.26 20:20:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011.10.20 13:25:24 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
[2011.10.26 20:03:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com
[2011.09.20 17:10:27 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
========== Chrome ==========
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Browser Companion Helper = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367\
CHR - Extension: avast! WebRep = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: AllGamesHome Toolbar = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ookojgjkbgkokilaodflpkfdpedobang\1.0.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2011.08.23 16:56:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O4 - Startup: C:\Documents and Settings\kris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.30 15:09:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.08.24 15:58:34 | 000,000,000 | ---D | M] - E:\Autorun Eater -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.06 12:49:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.05 08:38:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kris\Recent
[2012.03.04 15:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.03 16:26:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kris\My Documents\My Videos
[2012.03.01 12:44:29 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.03.01 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012.03.01 12:44:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.03.01 12:44:25 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.03.01 12:44:25 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.03.01 12:44:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.03.01 12:44:24 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.03.01 12:44:24 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.03.01 12:44:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.03.01 12:43:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.03.01 12:43:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.02.28 13:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bProtector
[2012.02.28 13:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\My Documents\GomPlayer
[2012.02.28 13:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Application Data\GRETECH
[2012.02.28 13:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2012.02.28 13:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2012.02.17 09:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.17 09:07:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.17 09:07:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.09 08:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Local Settings\Application Data\blekkotb
[2012.02.09 08:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012.02.09 08:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Application Data\blekkotb
[2012.02.09 08:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
[2012.02.09 08:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.06 13:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\bProtector.job
[2012.03.06 12:51:46 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1E99903-C1FC-4CE3-897C-BE97562A6A91}.job
[2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.06 12:32:27 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 12:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.06 12:32:20 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 11:18:35 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.03.06 09:23:21 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 11:42:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.01 12:44:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 12:36:34 | 000,204,800 | ---- | M] () -- C:\Documents and Settings\kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 12:30:00 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\kris\default.pls
[2012.02.28 10:26:14 | 010,013,205 | ---- | M] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:17 | 000,393,662 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.23 23:58:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.21 22:25:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.17 09:06:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.17 09:06:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.15 15:33:45 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 11:01:30 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.15 11:01:30 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.14 11:07:50 | 000,086,645 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.11 10:06:55 | 000,001,696 | ---- | M] () -- C:\WINDOWS\Ky5s96SF.csa
[2012.02.09 08:38:30 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.06 09:15:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\bProtector.job
[2012.02.28 13:28:15 | 000,790,520 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 10:25:49 | 010,013,205 | ---- | C] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:16 | 000,393,662 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 11:07:50 | 000,086,645 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.09 08:38:30 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[2011.12.03 18:28:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\457420fe37323c3b17516796486456dc_c
[2011.12.03 12:03:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.12.01 23:34:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.10.23 12:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.09.20 17:08:03 | 010,399,995 | ---- | C] () -- C:\Program Files\aimp_3.00.832_beta_1.zip
[2011.09.03 19:36:02 | 004,676,944 | ---- | C] () -- C:\Program Files\a3gpset.exe
[2011.08.25 21:51:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.08.17 19:37:16 | 000,000,670 | ---- | C] () -- C:\Program Files\Autorun Eater.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F036C20D
< End of report >
It also produced this when the scan finished; you didn't mention that this would come out as well, so I'll attach it:
Note:
Please don't be angry. I saw that (right after I opened the topic) someone moved my topic to the trash, and I took that to mean my case would not be looked at.
I downloaded the Malwarebytes' Anti-Malware program, which found 9 malware viruses (which Avast did not detect at all). I deleted them, but my computer still runs the same as before, maybe a little worse. After that you replied. Thank you once again for replying; I hope you won't abandon my case now.

Posted: 07 Mar 2012 21:51
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1
Go to Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter
Attach all the reports to your post using the Attach file option.
Step 2
Go to Control Panel -> Add or Remove Programs and uninstall the following programs:
BrowserCompanion
Spam Free Search Bar
Step 3
Run OTL again by double-clicking its icon.
Copy the following text into the white box of the window, labelled Custom Scans/Fixes:
:files
C:\Documents and Settings\kris\Local Settings\Application Data\blekkotb
C:\Documents and Settings\kris\Application Data\blekkotb
C:\Program Files\blekkotb
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.allgameshome.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=PV&apn_dtid=YYYYYYYYRS&apn_uid=E28614DF-1237-4894-8CF7-5C7B5FB6DB64&apn_sauid=F3178448-47D5-4701-8179-A6D7734BE65F
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120209CD354D81A4C0D7D1F9BD5A5D&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{B920E11C-ECE3-4BB0-9E43-BD4532CD88FA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM5RS&apn_uid=2A247669-5B56-4BD1-9898-28E235D95625&apn_sauid=66E8BE8B-CD79-499F-A8C6-37FDA6BA322A
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=124993&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=124993&text={searchTerms}
[2011.10.26 20:20:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011.10.20 13:25:24 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
[2011.10.26 20:03:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com
[2011.09.20 17:10:27 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
CHR - Extension: Bandoo = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: AllGamesHome Toolbar = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ookojgjkbgkokilaodflpkfdpedobang\1.0.0.0_0\
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
:commands
[purity]
[emptytemp]
[reboot]
Make sure the entire text from the code box has been copied.
Click the Run Fix button.
Copy the report you get into your post here.
Step 4
Run OTL again, click Run scan and copy the fresh report into your post.
How is the system doing now?

Posted: 07 Mar 2012 23:38
- Joined: 21 Aug 2011
- Posts: 44

Here is the first result:
All processes killed
========== FILES ==========
File\Folder C:\Documents and Settings\kris\Local Settings\Application Data\blekkotb not found.
File\Folder C:\Documents and Settings\kris\Application Data\blekkotb not found.
File\Folder C:\Program Files\blekkotb not found.
File\Folder :OTL not found.
Invalid Switch:
File\Folder IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = not found.
File\Folder IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} not found.
Invalid Switch: results.aspx?q={searchTerms}&src={referrer:source?}
Invalid Switch: results.php?category=web&s={searchTerms}
Invalid Switch: results.php?category=web&s={searchTerms}
Invalid Switch: web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
Invalid Switch: yandsearch?clid=124993&text={searchTerms}
Invalid Switch: ?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
Invalid Switch: [binary data]
Invalid Switch: ?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
File\Folder IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} not found.
Invalid Switch: ?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
Invalid Switch: redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=PV&apn_dtid=YYYYYYYYRS&apn_uid=E28614DF-1237-4894-8CF7-5C7B5FB6DB64&apn_sauid=F3178448-47D5-4701-8179-A6D7734BE65F
Invalid Switch: ?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120209CD354D81A4C0D7D1F9BD5A5D&q={searchTerms}
Invalid Switch: web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
Invalid Switch: ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
Invalid Switch: redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM5RS&apn_uid=2A247669-5B56-4BD1-9898-28E235D95625&apn_sauid=66E8BE8B-CD79-499F-A8C6-37FDA6BA322A
Invalid Switch: ?clid=124993&charset=utf-8&keywords={searchTerms}&submitted=1
Invalid Switch: yandsearch?clid=124993&text={searchTerms}
File\Folder [2011.10.26 20:20:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.
File\Folder [2011.10.20 13:25:24 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} not found.
File\Folder [2011.10.26 20:03:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com not found.
File\Folder [2011.09.20 17:10:27 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru not found.
Folder CHR - Extension: Bandoo = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0 not found.
Folder CHR - Extension: AllGamesHome Toolbar = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ookojgjkbgkokilaodflpkfdpedobang\1.0.0.0_0 not found.
File\Folder O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( ) not found.
File\Folder O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media) not found.
File\Folder O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll () not found.
File\Folder O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( ) not found.
File\Folder O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll () not found.
File\Folder :commands not found.
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [reboot] not found.
OTL by OldTimer - Version 3.2.35.1 log created on 03062012_222247
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
After the first run of OTL in the way you told me, it restarted the computer by itself, and after that it showed me a window with the text:
The application has failed to start because sqlite3.dll was not found. Reinstalling the application may fix this problem. and just an OK button. But then my computer froze and stayed like that for a while, so I had to reset it, and again it showed the same thing on the screen, along with the result I attached above.
After that I ran it again as you said, and here is the result:
Now that everything is finished, the computer doesn't freeze the way it did before; it runs 50% faster, and the same goes for the internet. After, say, fifteen to twenty minutes of use it starts freezing again like before, I reset it, and so on.

Posted: 08 Mar 2012 00:38
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building

It looks like OTL glitched a bit and didn't process the script properly. Let's try again:
Step 1
Run OTL again and copy the following text into the Custom Scan/Fixes box
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.allgameshome.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110395&babsrc=HP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=PV&apn_dtid=YYYYYYYYRS&apn_uid=E28614DF-1237-4894-8CF7-5C7B5FB6DB64&apn_sauid=F3178448-47D5-4701-8179-A6D7734BE65F
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120209CD354D81A4C0D7D1F9BD5A5D&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{B920E11C-ECE3-4BB0-9E43-BD4532CD88FA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM5RS&apn_uid=2A247669-5B56-4BD1-9898-28E235D95625&apn_sauid=66E8BE8B-CD79-499F-A8C6-37FDA6BA322A
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=124993&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=124993&text={searchTerms}
[2011.10.20 13:25:24 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
[2011.10.26 20:03:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com
[2011.09.20 17:10:27 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
CHR - plugin: Bandoo (Enabled) = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - Extension: Bandoo = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: AllGamesHome Toolbar = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ookojgjkbgkokilaodflpkfdpedobang\1.0.0.0_0\
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
:commands
[purity]
[emptytemp]
[reboot]
Click Run Fix.
Step 2
Run OTL again, click Run scan and post a fresh report.

Posted: 08 Mar 2012 10:03
- Joined: 21 Aug 2011
- Posts: 44

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B920E11C-ECE3-4BB0-9E43-BD4532CD88FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B920E11C-ECE3-4BB0-9E43-BD4532CD88FA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\components folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome\content\id_toolbar folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome\content folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\searchplugins folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\platform\Darwin\defaults\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\platform\Darwin\defaults folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\platform\Darwin folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\platform folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\modules\xb folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\modules folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\META-INF folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\defaults\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\defaults folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\components folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\translate folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\toolbar-items folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\searchbox\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\win\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\win\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\win\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\win folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\unix\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\unix\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\unix\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\unix folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\mac\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\mac\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\mac\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style\mac folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\platform-style folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\hacks\themes\win folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\hacks\themes\mac folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\hacks\themes folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\hacks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\title folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\status folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\scrollbar folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\dialog folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\checkbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\button\base folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\button\arrow folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\button folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images\arrows folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\browser-icons\throbber folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\browser-icons\reload folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\browser-icons\arrows folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\browser-icons folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin\classic folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\skin folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\links folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\uk folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\links folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\links folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\kk folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\links folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\links folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale\be folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\locale folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\xsl-templ folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\translate folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\textonly\content folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\textonly folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\sub-scripts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\spellchecker folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\zakladki folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\yaru folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\pdd folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\money folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\moikrug folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\mail folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\lenta folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\fotki folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar\bar folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services\mybar folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\services folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\searchbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\partner folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\modules folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\keycorrector folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\ftab folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\first-start\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\first-start folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\feeds folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\presets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\preferences\templates folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\preferences\static-widgets folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\preferences\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\preferences\bindings folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\preferences folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\toolkit\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\toolkit folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\weather folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\traffic folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale\uk folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale\ru folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale\kk folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale\en folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale\be folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\locale folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common\icons folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages\common folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\packages folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\lib\ui\behaviour folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\lib\ui folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\lib folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\popup_browser folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\update folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\placement\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\placement folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\notification-update folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\install folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\head folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\disclaimer folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\components\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management\components folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs\package-management folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\dialogs folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\ui folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\radio folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\progressmeter folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\notification folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\more\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\more folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\label folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\dialog\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\dialog folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\checkbox folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\button-link folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\button\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange\button folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\orange folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\chevron\images\normal folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\chevron\images\hover folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\chevron\images\active folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\chevron\images folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings\chevron folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar\bindings folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\custombar folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\bookmarks folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\bloggers folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\alerts folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content\about folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome\content folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru\chrome folder moved successfully.
C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru folder moved successfully.
C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll moved successfully.
C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0 folder moved successfully.
C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ookojgjkbgkokilaodflpkfdpedobang\1.0.0.0_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully.
C:\Program Files\BrowserCompanion\BCHelper.exe moved successfully.
File rity] not found.
File ptytemp] not found.
File boot] not found.
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_084807
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
After rescanning, here are the results:
OTL logfile created on: 7.3.2012 08:54:35 - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\kris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy
511,53 Mb Total Physical Memory | 145,79 Mb Available Physical Memory | 28,50% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,69% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 14,69 Gb Free Space | 39,40% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 14,66 Gb Free Space | 75,09% Space Free | Partition Type: FAT32
Drive E: | 19,52 Gb Total Space | 2,24 Gb Free Space | 11,46% Space Free | Partition Type: FAT32
Computer Name: LAV | User Name: kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
PRC - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
PRC - [2012.02.09 08:11:59 | 000,648,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012.01.27 18:07:06 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012.01.03 14:10:46 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.06 18:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010.05.06 17:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2012.03.07 19:10:33 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030701\algo.dll
MOD - [2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.02.21 22:25:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe -- (bProtector)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.05.11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.21 21:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.06.29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.07.02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [1997.04.22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\Yandex: "URL" = yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\..\SearchScopes\Moikrug: "URL" = moikrug.ru/persons/?clid=124993&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = yandex.ru/yandsearch?clid=124993&text={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012.03.07 08:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2011.10.26 20:20:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
========== Chrome ==========
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367\
CHR - Extension: avast! WebRep = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2011.08.23 16:56:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\kris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.30 15:09:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.08.24 15:58:34 | 000,000,000 | ---D | M] - E:\Autorun Eater -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.06 22:13:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 14:33:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kris\Recent
[2012.03.06 12:49:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.04 15:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.03 16:26:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kris\My Documents\My Videos
[2012.03.01 12:44:29 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.03.01 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012.03.01 12:44:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.03.01 12:44:25 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.03.01 12:44:25 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.03.01 12:44:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.03.01 12:44:24 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.03.01 12:44:24 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.03.01 12:44:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.03.01 12:43:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.03.01 12:43:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.02.28 13:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bProtector
[2012.02.28 13:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\My Documents\GomPlayer
[2012.02.28 13:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Application Data\GRETECH
[2012.02.28 13:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2012.02.28 13:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2012.02.17 09:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.17 09:07:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.17 09:07:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.09 08:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.07 09:01:02 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1E99903-C1FC-4CE3-897C-BE97562A6A91}.job
[2012.03.07 09:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\bProtector.job
[2012.03.07 08:51:04 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 08:50:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.07 08:50:53 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 08:50:06 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.03.06 22:20:03 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 22:05:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.05 11:42:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.01 12:44:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 12:36:34 | 000,204,800 | ---- | M] () -- C:\Documents and Settings\kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 12:30:00 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\kris\default.pls
[2012.02.28 10:26:14 | 010,013,205 | ---- | M] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:17 | 000,393,662 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.21 22:25:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.17 09:06:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.17 09:06:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.15 15:33:45 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 11:01:30 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.15 11:01:30 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.14 11:07:50 | 000,086,645 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.11 10:06:55 | 000,001,696 | ---- | M] () -- C:\WINDOWS\Ky5s96SF.csa
[2012.02.09 08:38:30 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.07 08:49:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\bProtector.job
[2012.02.28 13:28:15 | 000,790,520 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 10:25:49 | 010,013,205 | ---- | C] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:16 | 000,393,662 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 11:07:50 | 000,086,645 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.09 08:38:30 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[2011.12.03 18:28:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\457420fe37323c3b17516796486456dc_c
[2011.12.03 12:03:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.12.01 23:34:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.10.23 12:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.09.20 17:08:03 | 010,399,995 | ---- | C] () -- C:\Program Files\aimp_3.00.832_beta_1.zip
[2011.09.03 19:36:02 | 004,676,944 | ---- | C] () -- C:\Program Files\a3gpset.exe
[2011.08.25 21:51:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.08.17 19:37:16 | 000,000,670 | ---- | C] () -- C:\Program Files\Autorun Eater.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F036C20D
< End of report >
Posted: 08 Mar 2012 16:31
offline
- Joined: 21 Aug 2011
- Posts: 44
Written: 08 Mar 2012 16:30
I opened Google Chrome, but the Bandoo plugin is not in the list it gave me.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\Yandex\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Moikrug\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Yandex\ deleted successfully.
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_152420
Result after rescanning:
OTL logfile created on: 7.3.2012 15:26:01 - Run 4
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\kris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy
511,53 Mb Total Physical Memory | 210,88 Mb Available Physical Memory | 41,23% Memory free
1,22 Gb Paging File | 0,87 Gb Available in Paging File | 71,28% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 14,41 Gb Free Space | 38,66% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 14,66 Gb Free Space | 75,09% Space Free | Partition Type: FAT32
Drive E: | 19,52 Gb Total Space | 2,23 Gb Free Space | 11,41% Space Free | Partition Type: FAT32
Computer Name: LAV | User Name: kris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
PRC - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
PRC - [2012.02.09 08:11:59 | 000,648,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012.01.27 18:07:06 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.06 18:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010.05.06 17:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2012.03.08 10:43:14 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030800\algo.dll
MOD - [2012.03.07 19:10:33 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030701\algo.dll
MOD - [2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.02.21 22:25:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.02.28 13:28:15 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe -- (bProtector)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006.05.12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.05.11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.21 21:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.06.29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.07.02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [1997.04.22 09:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = search.babylon.com/?AF=110395&babsrc=HP_ss&.....0c6ee9581e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&AF=110395&babsrc=SP_ss&mntrId=40c1963a000000000000000c6ee9581e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012.03.07 08:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2011.10.26 20:20:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\kris\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
========== Chrome ==========
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\kris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2011.08.23 16:56:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\kris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC2F0DC-81BF-46A0-A12B-AD3211653A78}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.30 15:09:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.08.24 15:58:34 | 000,000,000 | ---D | M] - E:\Autorun Eater -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.06 22:13:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 14:33:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kris\Recent
[2012.03.06 12:49:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.04 15:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.03 16:26:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kris\My Documents\My Videos
[2012.03.01 12:44:29 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.03.01 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012.03.01 12:44:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.03.01 12:44:25 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.03.01 12:44:25 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.03.01 12:44:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.03.01 12:44:24 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.03.01 12:44:24 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.03.01 12:44:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.03.01 12:43:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.03.01 12:43:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.02.28 13:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bProtector
[2012.02.28 13:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\My Documents\GomPlayer
[2012.02.28 13:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Application Data\GRETECH
[2012.02.28 13:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2012.02.28 13:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2012.02.17 09:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.17 09:07:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.17 09:07:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:07:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.09 08:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.07 15:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\bProtector.job
[2012.03.07 15:20:02 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 15:17:33 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1E99903-C1FC-4CE3-897C-BE97562A6A91}.job
[2012.03.07 15:14:59 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 15:14:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.07 15:14:35 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 12:24:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.03.07 11:19:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.07 11:18:13 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 10:11:26 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\kris\default.pls
[2012.03.06 22:05:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.06 12:49:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Desktop\OTL.exe
[2012.03.01 12:44:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.02.28 13:28:15 | 000,790,520 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 10:26:14 | 010,013,205 | ---- | M] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:17 | 000,393,662 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.21 22:25:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.17 09:06:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.17 09:06:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.17 09:06:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.17 09:06:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.15 15:33:45 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 11:01:30 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.15 11:01:30 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.14 11:07:50 | 000,086,645 | ---- | M] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.11 10:06:55 | 000,001,696 | ---- | M] () -- C:\WINDOWS\Ky5s96SF.csa
[2012.02.09 08:38:30 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\kris\My Documents\*.tmp files -> C:\Documents and Settings\kris\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.07 08:49:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\bProtector.job
[2012.02.28 13:28:15 | 000,790,520 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.02.28 13:26:11 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\kris\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.02.28 13:26:11 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2012.02.28 10:25:49 | 010,013,205 | ---- | C] () -- C:\Documents and Settings\kris\Desktop\strano miks.mp3
[2012.02.23 23:59:16 | 000,393,662 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\MSInfo6.mdi
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 10:49:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 11:07:50 | 000,086,645 | ---- | C] () -- C:\Documents and Settings\kris\My Documents\426250_10150533639031470_96585976469_9278192_103742443_n.jpg
[2012.02.09 08:38:30 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[2011.12.03 18:28:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\457420fe37323c3b17516796486456dc_c
[2011.12.03 12:03:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.12.01 23:34:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.10.23 12:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.09.20 17:08:03 | 010,399,995 | ---- | C] () -- C:\Program Files\aimp_3.00.832_beta_1.zip
[2011.09.03 19:36:02 | 004,676,944 | ---- | C] () -- C:\Program Files\a3gpset.exe
[2011.08.25 21:51:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.08.17 19:37:16 | 000,000,670 | ---- | C] () -- C:\Program Files\Autorun Eater.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F036C20D
< End of report >
Addendum: 08 Mar 2012 16:31
The system is working well, as if everything is fine.