I meni sporo radi kompjuter - sporo otvara programe, sporo ulazi na internet, sporo se pali, odjednom se zakoci i par minuta ne mogu nista da uradim.. Jel moze neko da pomogne? Smile

Poslao sam ti privatnu poruku da otvoriš temu po uputstvu.
To uputstvo ću linkovati i ovde:

Postavi neophodne izveštaje.

Pokusacu da sve uradim kako treba Smile

Prvo, kada upalim kompjuter moram dugo da cekam da bi otvorila bilo koji program, internet sporije radi nego ranije, nekad odjednom sve sto radim stane i moram da cekam par minuta da bi se ponovo pokrenulo..

Pisalo mi je i da mi je puna memorija kad pokusavam da instaliram bilo koji program, i obrisala sam sve osim bas neophodnih programa i i dalje je isto.

Internet je ADSL EchoLife HG520c - 512 Kb/s.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 19:43:59 on 2012-01-11
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PicPick Start] c:\program files\picpick\picpick.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MediaGet2] c:\documents and settings\administrator\local settings\application data\mediaget2\mediaget.exe --minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{2BBDE495-9CAE-4919-B0F6-F553E882D0CE} : DhcpNameServer =
TCP: Interfaces\{354EF685-314D-4ABC-9DA0-9072FC4404BB} : DhcpNameServer =
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\v1g2r4lh.default\
FF - plugin: c:\docume~1\admini~1\applic~1\powerc~1\nppowerloader.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2012-01-06 14:50:00 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-01-06 14:49:52 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-01-06 11:59:05 -------- d-----w- c:\program files\Nextus
2012-01-04 15:01:27 -------- d-----w- c:\program files\Barbie(R) idesign(TM) Ultimate Stylist(TM)
2011-12-28 20:41:19 99328 ----a-w- c:\windows\system32\srusd.dll
2011-12-28 20:41:19 71680 ----a-w- c:\windows\system32\fnfilter.dll
2011-12-28 20:41:19 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-19 17:43:58 -------- d-----w- c:\documents and settings\administrator\application data\EurekaLog
2011-12-19 17:02:52 -------- d-----w- c:\program files\RelevantKnowledge
2011-12-19 17:01:56 -------- d-----w- c:\program files\Chit Chat For Facebook
==================== Find3M ====================
2011-11-10 04:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 19:44:24,04 ===============





Nadam se da sam sve dobro uradila, ako treba jos nesto recite Smile

Arrow Deinstaliraj sve programe koje ne koristiš, a naročito nepotrebne toolbarove (Ask Toolbar, Conduit Engine, BrotherSoft, uTorrentBar Toolbar...).

Obavezno deinstaliraj RelevantKnowledge.

Arrow Preuzmi program OTL sa donjeg linka na Desktop:

OTL download
Klikni dati link - u prozoru koji se otvori, kliknite Save;
kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.

Dvoklikom pokreni OTL;

klikni Run Scan;

po završetku skeniranja, izveštaj (koji će biti automatski sačuvan na Desktop-u kao OTL.Txt) će se otvoriti u Notepad-u.

Priloži izveštaj OTL.Txt uz poruku korišćenjem opcije Prikači fajl.

RelevantKnowledge deinstaliran Smile


OTL logfile created on: 12.1.2012 11:25:46 - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,11% Memory free
3,85 Gb Paging File | 3,00 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,14 Gb Free Space | 10,59% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 67,84 Gb Free Space | 61,68% Space Free | Partition Type: NTFS

Computer Name: XXX-AD749C3C69B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.12 11:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011.12.21 09:08:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.01 11:36:25 | 008,355,840 | ---- | M] (MediaGet LLC) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\mediaget.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 04:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.08.05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009.02.28 19:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009.02.16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2005.10.15 05:37:16 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.21 09:08:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.12.03 19:54:11 | 000,081,920 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2011.07.07 16:42:10 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.05 09:46:46 | 002,293,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtCore4.dll
MOD - [2011.03.30 11:48:38 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qmng4.dll
MOD - [2011.03.30 11:48:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qgif4.dll
MOD - [2011.03.30 11:48:14 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qjpeg4.dll
MOD - [2011.03.30 08:31:28 | 000,266,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\phonon4.dll
MOD - [2011.03.30 08:16:34 | 008,173,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtGui4.dll
MOD - [2011.03.30 07:59:26 | 000,971,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtNetwork4.dll
MOD - [2011.03.30 07:57:58 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtXml4.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.02.05 19:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004.08.03 20:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004.08.03 20:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004.01.22 18:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WZCSVC)
SRV - File not found [Auto | Stopped] -- -- (SSHNAS)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011.09.01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

========== Driver Services (SafeList) ==========

DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.18 10:53:06 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.07.12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.07.12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010.02.11 13:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.09.04 06:46:07 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.02.28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/21 08:27:36] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.02.12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.10.31 04:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004.08.03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004.08.03 19:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001.08.23 12:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 12:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com/?SearchSource=10&ctid=CT2776682
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.03 17:30:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.12.23 19:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 20:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 20:40:54 | 000,000,000 | ---D | M]

[2011.11.28 23:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011.11.29 10:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tloua1e1.default\extensions
[2011.11.29 10:01:27 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tloua1e1.default\extensions\toolbar@ask.com
[2012.01.11 20:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v1g2r4lh.default\extensions
[2012.01.11 20:26:41 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v1g2r4lh.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012.01.11 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.21 09:08:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:46:10 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.06.05 13:54:39 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 06:34:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:46:10 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.21 06:46:10 | 000,002,782 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pogodakyu.xml
[2011.12.21 06:46:10 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vokabular.xml
[2011.12.21 06:46:10 | 000,001,333 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sr.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18776
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\\plugins/avgnpss.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\\
CHR - Extension: uTorrentBar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\\
CHR - Extension: Picnik = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\\
CHR - Extension: Picasa = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Psykopaint = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\\

O1 HOSTS File: ([2001.08.23 12:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [MediaGet2] C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BBDE495-9CAE-4919-B0F6-F553E882D0CE}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354EF685-314D-4ABC-9DA0-9072FC4404BB}: DhcpNameServer =
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.18 09:54:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.05 12:56:22 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7eeb267a-abbc-11e0-9bf2-001d7d9a1ca0}\Shell\AutoRun\command - "" = K:\RunClubSanDisk.exe
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\AutoRun\command - "" = uONybV.exe
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\open\coMMAnd - "" = UOnyBv.eXe
O33 - MountPoints2\{f1e0c34c-1a6b-11e1-9c82-002522bb81d7}\Shell\AutoRun\command - "" = J:\ActivateWarranty(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.12 11:25:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.01.12 09:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 9
[2012.01.11 20:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Solid State Networks
[2012.01.11 19:43:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.01.11 19:43:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.pif
[2012.01.11 19:43:22 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2012.01.11 19:43:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.01.06 20:29:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.06 20:29:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.06 20:29:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.06 12:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nextus
[2012.01.06 12:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Frontype
[2012.01.04 16:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Barbie(R) idesign(TM) Ultimate Stylist(TM)
[2011.12.28 21:41:19 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
[2011.12.28 21:41:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2011.12.21 20:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011.12.19 18:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EurekaLog
[2011.12.19 18:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2011.12.19 18:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Chit Chat For Facebook
[2005.12.17 23:54:50 | 000,060,190 | ---- | C] ( ) -- C:\WINDOWS\System32\modifype.com
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.12 11:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.01.12 11:11:00 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2012.01.12 11:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.01.12 11:00:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.01.12 10:49:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-920026266-725345543-500UA.job
[2012.01.12 09:52:07 | 142,842,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.12 09:44:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012.01.12 09:16:34 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.01.12 09:15:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.11 22:49:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-920026266-725345543-500Core.job
[2012.01.11 20:40:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012.01.11 20:22:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.11 20:22:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.11 19:47:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\r8ndtu61.exe
[2012.01.11 19:43:29 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.pif
[2012.01.11 19:43:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2012.01.11 19:43:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.01.11 19:25:46 | 000,033,099 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 3.JPG
[2012.01.11 19:01:47 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2012.01.11 19:00:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012.01.11 17:57:19 | 000,010,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 2.JPG
[2012.01.11 17:56:10 | 000,016,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 1.JPG
[2012.01.11 17:52:35 | 000,620,694 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012.01.11 17:51:58 | 000,156,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.01.11 17:41:26 | 000,008,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fff.JPG
[2012.01.11 17:37:08 | 000,051,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\canonG7_frontback.jpg
[2012.01.10 23:37:11 | 000,028,323 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\385796_154180621349665_100002731853578_177336_1737391810_n.jpg
[2012.01.10 00:05:56 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012.01.08 15:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.07 13:49:56 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012.01.07 13:49:56 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.01.06 13:17:01 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012.01.02 13:24:13 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2012.01.01 21:41:20 | 000,095,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sasa-Docek-Tuzla-771.jpg
[2012.01.01 20:40:37 | 000,050,514 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\402554_2345875732793_1427024101_31821613_850238557_n.jpg
[2011.12.31 20:48:22 | 012,076,407 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kalashnikov.mp3
[2011.12.30 16:49:08 | 000,043,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\397477_166623030105424_100002731853578_203210_356410362_n.jpg
[2011.12.30 16:49:04 | 000,040,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\396455_336465126380908_100000522706795_1267456_1326506802_n.jpg
[2011.12.25 19:48:39 | 000,804,623 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\page.jpg
[2011.12.21 22:29:07 | 000,357,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Salence.jpg
[2011.12.21 22:21:57 | 000,011,264 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2011.12.19 13:27:50 | 000,003,788 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.19 13:22:51 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011.12.15 22:41:15 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.13 13:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.11 20:40:55 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.11 20:40:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012.01.11 20:22:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.11 19:47:06 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\r8ndtu61.exe
[2012.01.11 19:25:46 | 000,033,099 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 3.JPG
[2012.01.11 17:57:19 | 000,010,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 2.JPG
[2012.01.11 17:56:10 | 000,016,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 1.JPG
[2012.01.11 17:41:26 | 000,008,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fff.JPG
[2012.01.11 17:37:07 | 000,051,420 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\canonG7_frontback.jpg
[2012.01.10 23:37:10 | 000,028,323 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\385796_154180621349665_100002731853578_177336_1737391810_n.jpg
[2012.01.10 00:05:56 | 000,001,529 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012.01.06 13:16:58 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012.01.01 21:41:23 | 000,095,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sasa-Docek-Tuzla-771.jpg
[2012.01.01 20:40:43 | 000,050,514 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\402554_2345875732793_1427024101_31821613_850238557_n.jpg
[2011.12.31 20:50:51 | 012,076,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kalashnikov.mp3
[2011.12.30 16:49:09 | 000,043,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\397477_166623030105424_100002731853578_203210_356410362_n.jpg
[2011.12.30 16:49:06 | 000,040,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\396455_336465126380908_100000522706795_1267456_1326506802_n.jpg
[2011.12.25 19:46:00 | 000,804,623 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\page.jpg
[2011.12.21 22:29:07 | 000,357,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Salence.jpg
[2011.12.21 22:21:07 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2011.12.19 13:22:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011.12.19 13:21:13 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011.12.04 23:32:44 | 000,364,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011.10.06 13:46:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.23 20:10:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.07.14 22:44:17 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011.06.03 15:54:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011.05.19 18:51:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\AVGAM.EXE
[2011.05.14 14:18:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2011.04.27 18:11:18 | 000,079,572 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.04.25 12:17:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011.04.25 12:17:49 | 000,000,096 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011.04.03 22:05:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.22 21:26:27 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.21 08:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.21 08:16:01 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.03.21 08:16:01 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2011.03.21 08:16:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.03.21 08:16:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2011.03.21 08:16:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2011.03.18 22:32:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.18 22:29:30 | 003,580,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.18 10:52:00 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.03.18 09:54:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.10 18:33:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.09.12 22:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006.03.26 04:49:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2006.02.26 15:47:48 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006.01.28 00:26:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\Metapath.exe
[2006.01.23 10:22:02 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\Startup.exe
[2005.12.16 17:24:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MemTest.EXE
[2005.12.10 00:43:36 | 000,345,600 | ---- | C] () -- C:\WINDOWS\System32\SAFEXP.EXE
[2005.11.26 05:43:40 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.EXE
[2005.11.22 10:03:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2005.11.22 04:19:24 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\makecab.exe
[2005.11.22 04:19:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2005.11.22 04:19:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2005.07.14 21:57:33 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.08.03 21:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 12:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 12:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 12:30:00 | 000,454,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 12:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 12:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 12:30:00 | 000,120,947 | ---- | C] () -- C:\WINDOWS\System32\FlushCode.exe
[2001.08.23 12:30:00 | 000,070,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 12:30:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001.08.23 12:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 12:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 12:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Files - Unicode (All) ==========
[2012.01.12 11:25:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\Пријеми
[2011.12.09 00:39:06 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\Пријеми

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EC2E1DEC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:49D0764C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

< End of report >

Arrow Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:

SRV - File not found [Auto | Stopped] --  -- (SSHNAS)
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\AutoRun\command - "" = uONybV.exe
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\open\coMMAnd - "" = UOnyBv.eXe

C:\Program Files\RelevantKnowledge


Arrow Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).
Klikni taster Run Fix;

Log koji dobiješ iskopiraj ovde u poruci.

Kad pokusam da pokrenem Malwarebytes Anti-Malware ovo se pojavi :/

Prekopiraj instalacionu datoteku na neku drugu lokaciju (npr. Desktop ili drugu particiju) i pokušaj da instaliraš program.

Ukoliko ni tako neće da se instalira, opet preuzmi program po uputstvu (može biti da je, iz nekog razloga, neuspešan ili oštećen download datoteke) i sačuvaj na Desktop.

Okači neophodan log Smile

Malwarebytes Anti-Malware (Proba)

Verzija baze: v2012.01.13.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: XXX-AD749C3C69B [administrator]

Zaštita: Omogućena

13.1.2012 13:12:24
mbam-log-2012-01-13 (13-12-24).txt

Način skeniranja: Brzo skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 171913
Proteklo vreme 9 minuta(e), 8 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 3
HKCU\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Stavljeno u karantin i uspešno obrisano
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Stavljeno u karantin i uspešno obrisano
HKLM\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Stavljeno u karantin i uspešno obrisano

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 6
C:\Documents and Settings\Administrator\My Documents\Downloads\cnet2_CNET_TechTracker_Setup_exe (1).exe (PUP.CNET.Adware.Bundle) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\My Documents\Downloads\cnet2_CNET_TechTracker_Setup_exe.exe (PUP.CNET.Adware.Bundle) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Temp\FH\extension.exe (PUP.Soge) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\My Documents\Downloads\CCFFacebookSetup-v1.454.exe (Adware.RKN) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Stavljeno u karantin i uspešno obrisano


Evo Very Happy

Arrow Pobriši ručno sledeći folder: C:\Program Files\RelevantKnowledge

Znači, dva puta klikneš na My Computer, pa na disk C, pa Program Files, označiš folder RelevantKnowledge i pritisneš taster Delete na tastaturi (i potvrdiš sa Yes brisanje)

Arrow Nakon što to uradiš: opet pokreni program OTL
klikni Run Scan;

po završetku skeniranja, izveštaj (koji će biti automatski sačuvan na Desktop-u kao OTL.Txt) će se otvoriti u Notepad-u.

Priloži izveštaj OTL.Txt uz poruku korišćenjem opcije Prikači fajl.

