It has already been deleted. Here you go :)

OTL logfile created on: 16.1.2012 1:28:26 - Run 2
OTL by OldTimer - Version Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,58% Memory free
3,85 Gb Paging File | 3,01 Gb Available in Paging File | 78,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,70 Gb Free Space | 9,48% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 67,84 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive E: | 1,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: XXX-AD749C3C69B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.12 11:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.21 09:08:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.01 11:36:25 | 008,355,840 | ---- | M] (MediaGet LLC) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\mediaget.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 04:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.08.05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009.02.28 19:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009.02.16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2005.10.15 05:37:16 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.21 09:08:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.12.03 19:54:11 | 000,081,920 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2011.07.07 16:42:10 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.05 09:46:46 | 002,293,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtCore4.dll
MOD - [2011.03.30 11:48:38 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qmng4.dll
MOD - [2011.03.30 11:48:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qgif4.dll
MOD - [2011.03.30 11:48:14 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\imageformats\qjpeg4.dll
MOD - [2011.03.30 08:31:28 | 000,266,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\phonon4.dll
MOD - [2011.03.30 08:16:34 | 008,173,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtGui4.dll
MOD - [2011.03.30 07:59:26 | 000,971,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtNetwork4.dll
MOD - [2011.03.30 07:57:58 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\QtXml4.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.02.05 19:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009.06.10 08:29:34 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.09.02 12:29:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll
MOD - [2008.09.01 21:39:06 | 000,804,352 | ---- | M] () -- C:\Program Files\Photo!\Photo! Editor\IvBar\locs.dll
MOD - [2004.08.03 20:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004.08.03 20:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004.01.22 18:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WZCSVC)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.18 10:53:06 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.07.12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.07.12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010.02.11 13:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.09.04 06:46:07 | 000,045,056 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.02.28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/21 08:27:36] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.02.12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008.10.31 04:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004.08.03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004.08.03 19:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001.08.23 12:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 12:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com/?SearchSource=10&ctid=CT2776682
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.03 17:30:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.12.23 19:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 20:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 20:40:54 | 000,000,000 | ---D | M]

[2011.11.28 23:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011.11.29 10:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tloua1e1.default\extensions
[2011.11.29 10:01:27 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tloua1e1.default\extensions\toolbar@ask.com
[2012.01.11 20:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v1g2r4lh.default\extensions
[2012.01.11 20:26:41 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v1g2r4lh.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012.01.11 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.21 09:08:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:46:10 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.06.05 13:54:39 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 06:34:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:46:10 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.21 06:46:10 | 000,002,782 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pogodakyu.xml
[2011.12.21 06:46:10 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vokabular.xml
[2011.12.21 06:46:10 | 000,001,333 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sr.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18776
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\\plugins/avgnpss.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\\
CHR - Extension: uTorrentBar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\\
CHR - Extension: Picnik = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\\
CHR - Extension: Picasa = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Psykopaint = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\\

O1 HOSTS File: ([2001.08.23 12:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [MediaGet2] C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BBDE495-9CAE-4919-B0F6-F553E882D0CE}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354EF685-314D-4ABC-9DA0-9072FC4404BB}: DhcpNameServer =
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.18 09:54:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.05 12:56:22 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1d0074e0-f01a-11e0-9c52-aab69042e5d5}\Shell\open\command - "" = C:\WINDOWS\Explorer.exe -- [2005.10.15 05:37:16 | 001,032,192 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{7eeb267a-abbc-11e0-9bf2-001d7d9a1ca0}\Shell\AutoRun\command - "" = K:\RunClubSanDisk.exe
O33 - MountPoints2\{875efab7-51a4-11e0-b9a4-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008.04.14 04:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\AutoRun\command - "" = uONybV.exe
O33 - MountPoints2\{db95900d-5146-11e0-9b0c-001d7d9a1ca0}\Shell\open\coMMAnd - "" = UOnyBv.eXe
O33 - MountPoints2\{f1e0c34c-1a6b-11e1-9c82-002522bb81d7}\Shell\AutoRun\command - "" = J:\ActivateWarranty(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.15 12:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 9
[2012.01.14 15:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.13 13:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.01.13 13:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.13 13:07:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.13 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.13 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.13 11:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\dd
[2012.01.13 00:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo!
[2012.01.13 00:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Photo!
[2012.01.13 00:11:40 | 008,161,357 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\peditorinst.exe
[2012.01.12 23:00:33 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-
[2012.01.12 11:25:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.01.11 20:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Solid State Networks
[2012.01.11 19:43:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.01.11 19:43:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.pif
[2012.01.11 19:43:22 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2012.01.11 19:43:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.01.06 20:29:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.06 20:29:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.06 20:29:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.06 12:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nextus
[2012.01.06 12:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Frontype
[2012.01.04 16:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Barbie(R) idesign(TM) Ultimate Stylist(TM)
[2011.12.28 21:41:19 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
[2011.12.28 21:41:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2011.12.21 20:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011.12.19 18:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EurekaLog
[2011.12.19 18:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Chit Chat For Facebook
[2005.12.17 23:54:50 | 000,060,190 | ---- | C] ( ) -- C:\WINDOWS\System32\modifype.com
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.16 01:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.01.16 00:49:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-920026266-725345543-500UA.job
[2012.01.15 23:44:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012.01.15 22:49:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-920026266-725345543-500Core.job
[2012.01.15 19:00:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012.01.15 18:15:20 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2012.01.15 13:51:53 | 000,034,518 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bljak.JPG
[2012.01.15 12:33:52 | 143,068,333 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.15 12:26:28 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.01.15 12:26:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.14 20:09:54 | 000,028,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\222.JPG
[2012.01.14 20:09:43 | 000,003,465 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\111.JPG
[2012.01.14 18:58:23 | 000,158,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.01.13 18:06:24 | 000,620,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012.01.13 13:07:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.01.13 13:07:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.13 12:46:22 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\masks
[2012.01.13 12:39:10 | 000,191,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TAAZ-makeover.jpg.jpg
[2012.01.13 11:03:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.13 00:13:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Photo! Editor.lnk
[2012.01.13 00:12:31 | 008,161,357 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\peditorinst.exe
[2012.01.12 23:41:26 | 000,651,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S6300325.jpg
[2012.01.12 23:41:26 | 000,002,873 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012.01.12 23:06:25 | 000,009,844 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\greska.JPG
[2012.01.12 23:01:58 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-
[2012.01.12 13:16:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012.01.12 11:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.01.11 20:40:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012.01.11 20:22:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.11 20:22:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.11 19:47:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\r8ndtu61.exe
[2012.01.11 19:43:29 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.pif
[2012.01.11 19:43:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2012.01.11 19:43:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.01.11 19:25:46 | 000,033,099 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 3.JPG
[2012.01.11 17:57:19 | 000,010,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 2.JPG
[2012.01.11 17:56:10 | 000,016,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\firewall 1.JPG
[2012.01.11 17:41:26 | 000,008,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fff.JPG
[2012.01.11 17:37:08 | 000,051,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\canonG7_frontback.jpg
[2012.01.10 23:37:11 | 000,028,323 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\385796_154180621349665_100002731853578_177336_1737391810_n.jpg
[2012.01.07 13:49:56 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012.01.07 13:49:56 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.01.01 21:41:20 | 000,095,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sasa-Docek-Tuzla-771.jpg
[2012.01.01 20:40:37 | 000,050,514 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\402554_2345875732793_1427024101_31821613_850238557_n.jpg
[2011.12.31 20:48:22 | 012,076,407 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kalashnikov.mp3
[2011.12.30 16:49:08 | 000,043,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\397477_166623030105424_100002731853578_203210_356410362_n.jpg
[2011.12.30 16:49:04 | 000,040,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\396455_336465126380908_100000522706795_1267456_1326506802_n.jpg
[2011.12.25 19:48:39 | 000,804,623 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\page.jpg
[2011.12.21 22:29:07 | 000,357,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Salence.jpg
[2011.12.21 22:21:57 | 000,011,264 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2011.12.19 13:27:50 | 000,003,788 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.15 13:51:53 | 000,034,518 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bljak.JPG
[2012.01.14 20:09:54 | 000,028,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\222.JPG
[2012.01.14 20:09:43 | 000,003,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\111.JPG
[2012.01.13 13:07:45 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.01.13 13:07:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.13 12:46:22 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\masks
[2012.01.13 12:35:26 | 000,191,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TAAZ-makeover.jpg.jpg
[2012.01.13 11:11:40 | 000,388,561 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2011-05-07 18.14.13.jpg
[2012.01.13 00:13:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Photo! Editor.lnk
[2012.01.12 23:41:26 | 000,002,873 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012.01.12 23:41:25 | 000,651,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\S6300325.jpg
[2012.01.12 23:06:25 | 000,009,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\greska.JPG
[2012.01.11 20:40:55 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.11 20:40:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012.01.11 20:22:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.11 19:47:06 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\r8ndtu61.exe
[2012.01.11 19:25:46 | 000,033,099 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 3.JPG
[2012.01.11 17:57:19 | 000,010,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 2.JPG
[2012.01.11 17:56:10 | 000,016,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\firewall 1.JPG
[2012.01.11 17:41:26 | 000,008,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fff.JPG
[2012.01.11 17:37:07 | 000,051,420 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\canonG7_frontback.jpg
[2012.01.10 23:37:10 | 000,028,323 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\385796_154180621349665_100002731853578_177336_1737391810_n.jpg
[2012.01.06 13:16:58 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012.01.01 21:41:23 | 000,095,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sasa-Docek-Tuzla-771.jpg
[2012.01.01 20:40:43 | 000,050,514 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\402554_2345875732793_1427024101_31821613_850238557_n.jpg
[2011.12.31 20:50:51 | 012,076,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kalashnikov.mp3
[2011.12.30 16:49:09 | 000,043,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\397477_166623030105424_100002731853578_203210_356410362_n.jpg
[2011.12.30 16:49:06 | 000,040,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\396455_336465126380908_100000522706795_1267456_1326506802_n.jpg
[2011.12.25 19:46:00 | 000,804,623 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\page.jpg
[2011.12.21 22:29:07 | 000,357,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Salence.jpg
[2011.12.21 22:21:07 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2011.12.04 23:32:44 | 000,364,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011.10.06 13:46:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.23 20:10:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.07.14 22:44:17 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011.06.03 15:54:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011.05.19 18:51:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\AVGAM.EXE
[2011.05.14 14:18:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2011.04.27 18:11:18 | 000,079,572 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.04.25 12:17:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011.04.25 12:17:49 | 000,000,096 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011.04.03 22:05:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.22 21:26:27 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.21 08:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.21 08:16:01 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.03.21 08:16:01 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2011.03.21 08:16:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.03.21 08:16:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2011.03.21 08:16:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2011.03.18 22:32:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.18 22:29:30 | 003,580,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.18 10:52:00 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.03.18 09:54:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.10 18:33:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.09.12 22:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006.03.26 04:49:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2006.02.26 15:47:48 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006.01.28 00:26:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\Metapath.exe
[2006.01.23 10:22:02 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\Startup.exe
[2005.12.16 17:24:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MemTest.EXE
[2005.12.10 00:43:36 | 000,345,600 | ---- | C] () -- C:\WINDOWS\System32\SAFEXP.EXE
[2005.11.26 05:43:40 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.EXE
[2005.11.22 10:03:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2005.11.22 04:19:24 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\makecab.exe
[2005.11.22 04:19:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2005.11.22 04:19:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2005.07.14 21:57:33 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.08.03 21:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 12:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 12:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 12:30:00 | 000,454,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 12:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 12:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 12:30:00 | 000,120,947 | ---- | C] () -- C:\WINDOWS\System32\FlushCode.exe
[2001.08.23 12:30:00 | 000,070,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 12:30:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001.08.23 12:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 12:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 12:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Files - Unicode (All) ==========
[2012.01.15 15:21:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\Пријеми
[2011.12.09 00:39:06 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\Пријеми

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EC2E1DEC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:49D0764C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

< End of report >

Your computer is clean as far as malicious programs are concerned.

Is your computer still slow? If the computer has not become faster, open a topic in the Windows subforum.

Run OTL again and click the CleanUp option.

I recommend using MCShield to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, and plug in the USB storage device; a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html

Also, visit this topic to see whether your browser is vulnerable and to install updated components.

I recommend that you uninstall all the toolbars you do not need. For example: Ask Toolbar, BrotherSoft Extreme Toolbar, Conduit Engine, RelevantKnowledge, uTorrentBar Toolbar; also uninstall the programs you do not use (for example, you have two versions of the Opera browser installed...).

Thank you for trusting the AMF Team.

Thank you from the bottom of my heart!

