Untitled

a guest
Apr 10th, 2012
  1. OTL logfile created on: 9.4.2012 16:22:42 - Run 4
  2. OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\čp\Desktop
  3. Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.6001.18702)
  5. Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
  6.  
  7. 1,93 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 63,79% Memory free
  8. 3,78 Gb Paging File | 3,15 Gb Available in Paging File | 83,38% Paging File free
  9. Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
  12. Drive C: | 96,12 Gb Total Space | 39,71 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
  13. Drive D: | 136,76 Gb Total Space | 134,79 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
  14.  
  15. Computer Name: NONE-122C813CAE | User Name: čp | Logged in as Administrator.
  16. Boot Mode: Normal | Scan Mode: Current user
  17. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  18.  
  19. [color=#E56717]========== Processes (SafeList) ==========[/color]
  20.  
  21. PRC - [2012.04.09 00:12:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\čp\Desktop\OTL.exe
  22. PRC - [2012.03.13 22:20:05 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
  23. PRC - [2012.03.13 22:20:04 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
  24. PRC - [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
  25. PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
  26. PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
  27. PRC - [2010.11.30 18:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
  28. PRC - [2010.05.20 01:20:44 | 012,776,728 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
  29. PRC - [2008.11.04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
  30. PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
  31.  
  32.  
  33. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  34.  
  35. MOD - [2012.04.08 09:57:30 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
  36. MOD - [2012.03.13 22:20:05 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
  37. MOD - [2012.03.13 22:20:04 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
  38. MOD - [2012.02.17 18:24:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
  39. MOD - [2012.02.16 17:06:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
  40. MOD - [2012.02.16 17:04:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
  41. MOD - [2012.02.16 17:04:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
  42. MOD - [2012.02.16 17:04:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
  43. MOD - [2011.11.21 06:33:00 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
  44. MOD - [2011.10.13 17:28:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
  45. MOD - [2010.11.30 18:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
  46. MOD - [2010.11.30 18:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
  47. MOD - [2010.11.30 18:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
  48. MOD - [2010.05.20 01:20:46 | 000,077,592 | ---- | M] () -- C:\Program Files\RegCure\zlibwapi.dll
  49. MOD - [2010.05.20 01:20:44 | 012,776,728 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
  50. MOD - [2010.05.20 01:20:44 | 000,541,976 | ---- | M] () -- C:\Program Files\RegCure\AutoUpdate.dll
  51.  
  52.  
  53. [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
  54.  
  55. SRV - File not found [Disabled | Unknown] -- -- (Abomlarvgnsh)
  56. SRV - [2012.04.08 09:57:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  57. SRV - [2012.03.13 22:20:05 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
  58. SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
  59. SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
  60. SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
  61. SRV - [2009.07.17 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
  62. SRV - [2008.11.04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
  63.  
  64.  
  65. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  66.  
  67. DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
  68. DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
  69. DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
  70. DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
  71. DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
  72. DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
  73. DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
  74. DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
  75. DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
  76. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\P07D0~1\LOCALS~1\Temp\catchme.sys -- (catchme)
  77. DRV - [2011.10.07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
  78. DRV - [2011.10.04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
  79. DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
  80. DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
  81. DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
  82. DRV - [2011.07.11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
  83. DRV - [2011.07.11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
  84. DRV - [2011.07.11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
  85. DRV - [2011.06.24 21:32:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
  86. DRV - [2011.06.24 21:32:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
  87. DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
  88. DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
  89. DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
  90. DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
  91. DRV - [2010.05.03 15:50:11 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
  92. DRV - [2009.12.13 12:15:45 | 001,735,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
  93. DRV - [2009.07.17 10:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
  94. DRV - [2008.12.08 17:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
  95. DRV - [2008.12.08 17:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
  96. DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
  97. DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
  98. DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
  99. DRV - [2008.12.08 17:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
  100. DRV - [2008.09.22 07:40:46 | 000,109,568 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
  101. DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
  102. DRV - [2008.03.28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
  103.  
  104.  
  105. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  106.  
  107.  
  108. [color=#E56717]========== Internet Explorer ==========[/color]
  109.  
  110. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  111. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
  112.  
  113. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100489&mntrId=e4a8e5250000000000000c60765d0ec5
  114. IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
  115. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
  116. IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={CE62D5EC-430C-468D-B7C4-8271C4BF6D56}&mid=ab1af1860fbc47d6a7c4dd2930b9e736-0&lang=en&ds=AVG&pr=fr&d=2011-10-22 20:27:32&v=10.0.0.7&sap=dsp&q={searchTerms}
  117. IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=7.5.30.4&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
  118. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  119.  
  120. [color=#E56717]========== FireFox ==========[/color]
  121.  
  122. FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
  123. FF - prefs.js..browser.search.selectedEngine: ""
  124. FF - prefs.js..browser.startup.homepage: "http://www.google.hr/"
  125. FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
  126. FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
  127. FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
  128. FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
  129. FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
  130. FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
  131. FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B795c659b-5c2f-4d89-b864-49b8a2b8c5d6%7D&mid=ab1af1860fbc47d6a7c4dd2930b9e736-0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-22%2020%3A27%3A32&sap=ku&q="
  132.  
  133.  
  134. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
  135. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
  136. FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
  137. FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
  138. FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
  139. FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
  140. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  141. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
  142. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  143. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  144. FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\čp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
  145. FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\čp\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
  146. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\čp\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  147. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\čp\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
  148. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\čp\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  149.  
  150. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.04.09 21:10:41 | 000,000,000 | ---D | M]
  151. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.08.21 18:30:40 | 000,000,000 | ---D | M]
  152. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012.04.09 20:27:57 | 000,000,000 | ---D | M]
  153. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.09 21:11:25 | 000,000,000 | ---D | M]
  154. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.09 21:11:25 | 000,000,000 | ---D | M]
  155.  
  156. [2016.04.25 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\čp\Application Data\Mozilla\Extensions
  157. [2012.01.18 23:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\čp\Application Data\Mozilla\Firefox\Profiles\jukc4u10.default\extensions
  158. [2012.04.09 20:28:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\čp\Application Data\Mozilla\Firefox\Profiles\jukc4u10.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
  159. [2012.04.09 20:28:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\čp\Application Data\Mozilla\Firefox\Profiles\jukc4u10.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
  160. [2012.04.09 20:28:32 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Documents and Settings\čp\Application Data\Mozilla\Firefox\Profiles\jukc4u10.default\extensions\bbrs_002@blabbers.com
  161. [2012.04.09 20:28:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\čp\Application Data\Mozilla\Firefox\Profiles\jukc4u10.default\extensions\ffxtlbr@babylon.com
  162. [2011.12.02 16:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
  163. [2012.04.09 21:11:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
  164. [2012.04.09 20:27:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
  165. File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ÄŤP\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JUKC4U10.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E}
  166. [2012.04.09 21:10:41 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
  167. [2011.11.21 06:33:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
  168. [2010.09.12 16:55:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
  169. [2011.11.21 03:41:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
  170. [2012.03.13 22:20:04 | 000,003,727 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
  171. [2011.11.30 21:18:59 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
  172. [2011.11.21 03:13:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
  173. [2011.11.21 03:41:42 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
  174. [2011.11.21 03:41:42 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
  175. [2008.04.14 05:42:20 | 000,000,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\HOW TO DECRYPT FILES.txt
  176. [2011.11.21 03:41:42 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml
  177.  
  178. [color=#E56717]========== Chrome ==========[/color]
  179.  
  180. CHR - default_search_provider: Google ()
  181. CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
  182. CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
  183.  
  184. O1 HOSTS File: ([2012.04.09 00:46:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
  185. O1 - Hosts: 127.0.0.1 localhost
  186. O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
  187. O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
  188. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
  189. O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
  190. O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
  191. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  192. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
  193. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
  194. O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt ()
  195. O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.EnCiPhErEd ()
  196. O4 - Startup: C:\Documents and Settings\čp\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt ()
  197. O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  198. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
  199. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
  200. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
  201. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  202. O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  203. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
  204. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
  205. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  206. O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
  207. O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  208. O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  209. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
  210. O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
  211. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
  212. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
  213. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE09BA3-B3BB-496A-9864-02252E3CBF1A}: DhcpNameServer = 192.168.1.1
  214. O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
  215. O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
  216. O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
  217. O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
  218. O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  219. O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
  220. O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  221. O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
  222. O24 - Desktop WallPaper:
  223. O24 - Desktop BackupWallPaper:
  224. O32 - HKLM CDRom: AutoRun - 1
  225. O32 - AutoRun File - [2009.12.12 06:18:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
  226. O34 - HKLM BootExecute: (autocheck autochk *)
  227. O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
  228. O35 - HKLM\..comfile [open] -- "%1" %*
  229. O35 - HKLM\..exefile [open] -- "%1" %*
  230. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  231. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  232.  
  233. NetSvcs: 6to4 - File not found
  234. NetSvcs: Ias - File not found
  235. NetSvcs: Iprip - File not found
  236. NetSvcs: Irmon - File not found
  237. NetSvcs: NWCWorkstation - File not found
  238. NetSvcs: Nwsapagent - File not found
  239. NetSvcs: WmdmPmSp - File not found
  240.  
  241. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  242.  
  243. [2016.05.04 05:13:56 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
  244. [2016.05.02 06:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Room Arranger
  245. [2016.05.02 06:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Start Menu\Programs\Room Arranger
  246. [2016.04.29 05:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
  247. [2016.04.29 05:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
  248. [2016.04.26 03:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\skypePM
  249. [2016.04.26 03:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Skype
  250. [2016.04.26 03:13:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
  251. [2016.04.26 03:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
  252. [2016.04.26 03:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Desktop\programi
  253. [2016.04.26 02:52:00 | 000,000,000 | ---D | C] -- C:\output
  254. [2016.04.25 23:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
  255. [2016.04.25 23:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
  256. [2016.04.25 23:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\My Documents\Preuzimanja
  257. [2016.04.25 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
  258. [2016.04.25 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
  259. [2016.04.25 22:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
  260. [2016.04.25 22:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
  261. [2016.04.25 07:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Local Settings\Application Data\Mozilla
  262. [2016.04.25 07:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Mozilla
  263. [2016.04.25 07:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
  264. [2016.04.21 23:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
  265. [2016.04.21 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\WinRAR
  266. [2016.04.20 05:09:12 | 000,110,080 | R--- | C] (ZTE Corporation) -- C:\WINDOWS\System32\drivers\ZTEusbnet.sys
  267. [2016.04.20 05:09:10 | 000,104,960 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
  268. [2016.04.20 05:09:06 | 000,104,960 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zteusbvoice.sys
  269. [2016.04.20 05:09:02 | 000,105,344 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
  270. [2016.04.20 05:08:58 | 000,104,960 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
  271. [2016.04.20 05:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Vodafone
  272. [2016.04.20 05:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
  273. [2016.04.20 05:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
  274. [2016.04.20 05:08:37 | 000,007,680 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
  275. [2016.04.20 05:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vodafone
  276. [2016.04.20 05:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
  277. [2016.04.20 05:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
  278. [2016.04.20 05:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Local Settings\Application Data\{A51078CA-7A85-4433-8D2D-35FB5D9A9609}
  279. [2016.04.15 06:36:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\čp\Desktop\tata
  280. [2016.04.12 02:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
  281. [2016.04.12 02:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Uniblue
  282. [2016.04.12 02:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Local Settings\Application Data\ACD Systems
  283. [2016.04.12 02:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\ACD Systems
  284. [2016.04.12 02:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Start Menu\Programs\Webteh
  285. [2016.04.12 02:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
  286. [2016.04.12 02:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\BSplayer PRO
  287. [2016.04.12 02:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
  288. [2016.04.12 02:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Macromedia
  289. [2016.04.12 02:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Adobe
  290. [2016.04.12 02:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
  291. [2016.04.12 02:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
  292. [2016.04.12 02:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
  293. [2016.04.12 02:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\DivX
  294. [2016.04.12 02:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ACD Systems
  295. [2016.04.12 02:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
  296. [2016.04.12 02:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
  297. [2016.04.12 02:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
  298. [2016.04.12 02:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Local Settings\Application Data\Downloaded Installations
  299. [2016.04.12 02:01:16 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
  300. [2016.04.12 02:01:16 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
  301. [2016.04.12 02:00:59 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
  302. [2016.04.12 02:00:59 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
  303. [2016.04.12 02:00:59 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
  304. [2016.04.12 02:00:59 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
  305. [2016.04.12 02:00:59 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
  306. [2016.04.12 02:00:59 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
  307. [2016.04.12 02:00:58 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
  308. [2016.04.12 02:00:58 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
  309. [2016.04.12 02:00:58 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
  310. [2016.04.12 02:00:58 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
  311. [2016.04.12 02:00:58 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
  312. [2016.04.12 02:00:58 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
  313. [2016.04.12 02:00:58 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
  314. [2016.04.12 02:00:58 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
  315. [2016.04.12 02:00:58 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
  316. [2016.04.12 02:00:58 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
  317. [2016.04.12 02:00:58 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
  318. [2016.04.12 02:00:58 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
  319. [2016.04.12 02:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
  320. [2016.04.12 02:00:57 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
  321. [2016.04.12 02:00:57 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
  322. [2016.04.12 02:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
  323. [2016.04.12 02:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
  324. [2016.04.12 02:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Local Settings\Application Data\Microsoft Help
  325. [2016.04.12 02:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
  326. [2016.04.12 02:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
  327. [2016.04.12 02:00:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\čp\My Documents\My Videos
  328. [2016.04.12 02:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
  329. [2016.04.12 02:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
  330. [2016.04.12 02:00:33 | 000,000,000 | R--D | C] -- C:\MSOCache
  331. [2016.04.12 02:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
  332. [2016.04.12 02:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Start Menu\Programs\CCleaner
  333. [2012.04.09 02:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Application Data\Malwarebytes
  334. [2012.04.09 02:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
  335. [2012.04.09 02:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
  336. [2012.04.09 02:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
  337. [2012.04.09 02:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
  338. [2012.04.09 01:59:31 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\čp\Desktop\mbam-setup.exe
  339. [2012.04.09 01:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Desktop\BASE
  340. [2012.04.09 01:14:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
  341. [2012.04.09 01:07:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\čp\Desktop\TFC.exe
  342. [2012.04.09 01:03:20 | 000,000,000 | --SD | C] -- C:\ComboFix
  343. [2012.04.09 00:34:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
  344. [2012.04.09 00:32:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
  345. [2012.04.09 00:32:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
  346. [2012.04.09 00:32:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
  347. [2012.04.09 00:31:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
  348. [2012.04.09 00:31:07 | 000,000,000 | ---D | C] -- C:\Qoobox
  349. [2012.04.09 00:12:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\čp\Desktop\OTL.exe
  350. [2012.04.08 09:57:30 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
  351. [2012.04.05 22:07:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
  352. [2012.04.03 16:48:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\čp\PrivacIE
  353. [2012.04.03 16:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Desktop\krk - 2012 uskršnji praznici
  354. [2012.03.26 21:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\čp\Desktop\Nova mapa
  355.  
  356. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  357.  
  358. [2016.05.08 03:50:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
  359. [2016.05.04 05:43:29 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\tata2.lnk.EnCiPhErEd
  360. [2016.04.29 05:07:49 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk.EnCiPhErEd
  361. [2016.04.29 05:07:49 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.EnCiPhErEd
  362. [2016.04.26 03:15:36 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
  363. [2016.04.25 23:16:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk.EnCiPhErEd
  364. [2016.04.25 23:16:10 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\PhotoScape.lnk.EnCiPhErEd
  365. [2016.04.25 07:50:37 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\Wireless.lnk.EnCiPhErEd
  366. [2016.04.25 05:49:52 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\optidsl75.lnk.EnCiPhErEd
  367. [2016.04.12 02:06:04 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player PRO.lnk.EnCiPhErEd
  368. [2016.04.12 02:04:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk.EnCiPhErEd
  369. [2016.04.12 02:04:00 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk.EnCiPhErEd
  370. [2016.04.12 02:01:01 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk.EnCiPhErEd
  371. [2016.04.12 02:00:45 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\DivX Movies.lnk.EnCiPhErEd
  372. [2012.04.09 16:26:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
  373. [2012.04.09 16:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
  374. [2012.04.09 15:56:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  375. [2012.04.09 15:55:49 | 000,444,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
  376. [2012.04.09 15:55:49 | 000,072,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
  377. [2012.04.09 15:52:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
  378. [2012.04.09 15:51:47 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  379. [2012.04.09 15:51:44 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
  380. [2012.04.09 15:51:43 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
  381. [2012.04.09 15:51:43 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
  382. [2012.04.09 15:51:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
  383. [2012.04.09 06:32:19 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
  384. [2012.04.09 02:29:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
  385. [2012.04.09 02:05:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
  386. [2012.04.09 02:02:30 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\rkill.com
  387. [2012.04.09 02:00:53 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\čp\Desktop\mbam-setup.exe
  388. [2012.04.09 01:32:10 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\mbr.exe
  389. [2012.04.09 01:30:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\5vqinnei.exe
  390. [2012.04.09 01:07:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\čp\Desktop\TFC.exe
  391. [2012.04.09 00:58:02 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\Prečac do ComboFix.exe.lnk
  392. [2012.04.09 00:46:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
  393. [2012.04.09 00:34:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
  394. [2012.04.09 00:12:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\čp\Desktop\OTL.exe
  395. [2012.04.08 22:46:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
  396. [2012.04.08 09:57:30 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
  397. [2012.04.08 09:57:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
  398. [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
  399. [2012.04.02 16:55:00 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk.EnCiPhErEd
  400. [2012.03.25 15:48:48 | 000,182,366 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\kozjak-staze.jpg.EnCiPhErEd
  401. [2012.03.18 12:19:03 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\čp\Desktop\krešina dijeta 14 dana.lnk.EnCiPhErEd
  402.  
  403. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  404.  
  405. [2016.05.04 21:52:01 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\čp\My Documents\photothumb.db
  406. [2016.05.04 05:43:31 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\tata2.lnk.EnCiPhErEd
  407. [2016.04.29 05:07:49 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk.EnCiPhErEd
  408. [2016.04.26 03:15:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
  409. [2016.04.25 23:16:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk.EnCiPhErEd
  410. [2016.04.25 23:16:10 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\PhotoScape.lnk.EnCiPhErEd
  411. [2016.04.25 22:19:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.EnCiPhErEd
  412. [2016.04.25 07:50:37 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\Wireless.lnk.EnCiPhErEd
  413. [2016.04.25 07:47:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk.EnCiPhErEd
  414. [2016.04.25 07:47:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk.EnCiPhErEd
  415. [2016.04.25 05:49:52 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\optidsl75.lnk.EnCiPhErEd
  416. [2016.04.20 05:08:25 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk.EnCiPhErEd
  417. [2016.04.20 05:08:25 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk.EnCiPhErEd
  418. [2016.04.12 02:06:04 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player PRO.lnk.EnCiPhErEd
  419. [2016.04.12 02:04:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk.EnCiPhErEd
  420. [2016.04.12 02:04:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk.EnCiPhErEd
  421. [2016.04.12 02:04:00 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\čp\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk.EnCiPhErEd
  422. [2016.04.12 02:03:34 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\čp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  423. [2016.04.12 02:02:54 | 000,002,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACDSee Photo Manager 2009.lnk.EnCiPhErEd
  424. [2016.04.12 02:01:01 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk.EnCiPhErEd
  425. [2016.04.12 02:00:45 | 000,001,460 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\DivX Movies.lnk.EnCiPhErEd
  426. [2012.04.09 02:21:39 | 003,299,648 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\P1070616.JPG
  427. [2012.04.09 02:02:23 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\rkill.com
  428. [2012.04.09 02:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
  429. [2012.04.09 01:32:10 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\mbr.exe
  430. [2012.04.09 01:30:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\5vqinnei.exe
  431. [2012.04.09 00:58:02 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\Prečac do ComboFix.exe.lnk
  432. [2012.04.09 00:45:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
  433. [2012.04.09 00:34:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
  434. [2012.04.09 00:34:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
  435. [2012.04.09 00:32:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
  436. [2012.04.09 00:32:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
  437. [2012.04.09 00:32:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
  438. [2012.04.09 00:32:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
  439. [2012.04.09 00:32:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
  440. [2012.04.08 09:57:31 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
  441. [2012.03.25 15:48:47 | 000,182,366 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\kozjak-staze.jpg.EnCiPhErEd
  442. [2012.03.18 12:19:03 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\čp\Desktop\krešina dijeta 14 dana.lnk.EnCiPhErEd
  443. [2012.02.15 17:02:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
  444. [2011.11.24 21:50:58 | 000,000,354 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
  445. [2011.02.06 20:17:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
  446. [2010.11.16 23:51:00 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\čp\Local Settings\Application Data\fusioncache.dat
  447. [2010.05.03 15:50:26 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
  448. [2010.05.03 15:49:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
  449. [2010.05.03 15:47:52 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
  450. [2010.04.17 15:10:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
  451.  
  452. [color=#E56717]========== Custom Scans ==========[/color]
  453.  
  454. [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
  455.  
  456. [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
  457.  
  458. [color=#A23BEC]< MD5 for: AFD.SYS >[/color]
  459. [2011.08.17 15:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
  460. [2011.08.17 15:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
  461. [2011.02.16 15:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
  462. [2008.10.16 17:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
  463. [2008.08.14 12:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
  464. [2008.10.16 16:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
  465. [2008.08.14 12:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
  466. [2011.02.16 15:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
  467. [2008.06.20 13:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
  468. [2011.08.17 15:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
  469.  
  470. [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
  471. [2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
  472. [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
  473. [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
  474. [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
  475. [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
  476. [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
  477.  
  478. [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
  479. [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
  480. [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
  481. [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
  482.  
  483. [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
  484. [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
  485. [2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
  486. [2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
  487. [2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
  488.  
  489. [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
  490. [2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
  491. [2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
  492. [2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
  493.  
  494. [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
  495. [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
  496. [2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
  497. [2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
  498. [2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
  499.  
  500. [color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
  501.  
  502. [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
  503.  
  504. [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
  505. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  506. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  507. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  508. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  509. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  510. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  511. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  512. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  513. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  514. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
  515. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
  516.  
  517. [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
  518. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  519. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  520. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.11.21 06:33:03 | 000,714,416 | ---- | M] (Mozilla Corporation)
  521. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  522. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  523. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.11.21 06:33:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
  524. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  525. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  526. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
  527. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
  528. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
  529.  
  530. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >[/color]
  531. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
  532. "" =
  533. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
  534. "Installed" = 1
  535. "" =
  536. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
  537. "NoChange" = 1
  538. "Installed" = 1
  539. "" =
  540. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
  541. "Installed" = 1
  542. "" =
  543.  
  544. [color=#A23BEC]< HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s >[/color]
  545. "HTTPFilter" = HTTPFilter [binary data]
  546. "LocalService" = [Binary data over 100 bytes]
  547. "NetworkService" = DnsCache [binary data]
  548. "netsvcs" = [Binary data over 100 bytes]
  549. "DcomLaunch" = DcomLaunchTermService [binary data]
  550. "rpcss" = RpcSs [binary data] -- [2009.02.09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
  551. "eapsvcs" = eaphost [binary data]
  552. "dot3svc" = dot3svc [binary data] -- [2008.04.14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation)
  553. "imgsvc" = StiSvc [binary data]
  554. "termsvcs" = TermService [binary data]
  555. "yksvcs" = yksvc [binary data]
  556. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
  557. "CoInitializeSecurityParam" = 1
  558. "DefaultRpcStackSize" = 8
  559. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]
  560. "AuthenticationCapabilities" = 12320
  561. "CoInitializeSecurityParam" = 1
  562. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]
  563. "AuthenticationCapabilities" = 12320
  564. "CoInitializeSecurityParam" = 1
  565. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
  566. "CoInitializeSecurityParam" = 1
  567. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
  568. "CoInitializeSecurityParam" = 1
  569. "AuthenticationCapabilities" = 8192
  570. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
  571. "CoInitializeSecurityParam" = 1
  572. "AuthenticationCapabilities" = 12320
  573. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]
  574. "CoInitializeSecurityParam" = 2
  575. "AuthenticationCapabilities" = 64
  576. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
  577. "CoInitializeSecurityParam" = 1
  578. "DefaultRpcStackSize" = 8
  579.  
  580. [color=#E56717]========== Alternate Data Streams ==========[/color]
  581.  
  582. @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
  583. @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
  584. @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
  585.  
  586. < End of report >