Kako da se oslobodim ove napasti

Kako da se oslobodim ove napasti

offline
  • RJ 
  • SuperModerator
  • Supermoderator vojnih foruma
  • Gavrilo Milentijević
  • Komandir stanice milicije Gornje Polje
  • Pridružio: 12 Feb 2005
  • Poruke: 9490
  • Gde živiš: ovalni kabinet

Od pre par dana imam problem koji ne mogu da rešim - pojavili su mi se nekakve reklamne gluposti koje prikazujem slikovito.
naime, kada odem kursorom na istaknutu zelenu rečenicu iskače mi prozor sa reklamom ka tupadžijskim sajtovima.
Pokušao sam da ovo uklonim sa Spybot S&D, Baidu antivirusom i nekim ADW Cleanerom ali ništa ne pomaže.






Evo log fajla od DDS-a
Arrow https://www.mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Pozdrav Smile



Preuzmi smeenk-ov zoek.zip ili zoek.rar () sa ovog ili ovog linka i sačuvaj ga na Desktop.

Raspakuj arhivu u neki folder (uputstvo), a zatim:

zatvori browser i ostale pokrenute programe;
privremeno deaktiviraj zaštitni softver ( ukoliko je to potrebno ) Uputstvo ;
dvoklikom pokreni zoek na ikonicu programa ;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

createsrpoint;
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

offline
  • RJ 
  • SuperModerator
  • Supermoderator vojnih foruma
  • Gavrilo Milentijević
  • Komandir stanice milicije Gornje Polje
  • Pridružio: 12 Feb 2005
  • Poruke: 9490
  • Gde živiš: ovalni kabinet

Odradio sam po uputstvu - evo izveštaja


Zoek.exe v5.0.0.0 Updated 17-February-2014
Tool run by User on Tue 02/18/2014 at 15:39:47.48.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zzoek\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

2/18/2014 3:41:08 PM Zoek.exe System Restore Point Created Succesfully.

==== Windows Installer Info ======================

7-Zip 9.20 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\96F071321C0410729002000010000000]C:\Windows

\Installer\24923.msi
ACDSee Pro 3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAF082B101EA13E44AA1BD93716D15CD]C:\Windows

\Installer\24993.msi
Adobe Reader XI (11.0.06) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\68AB67CA7DA73301B744BA0000000010]C:\Windows\Installer\2ea0f1c.msi
ASUS nVidia Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1C4AF1A11072C104C81EDFED5403F45F]C:

\Windows\Installer\1e9e5.msi
Call of Duty(R) 4 - Modern Warfare(TM) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\CC96484EE5365DF41A2241792C682D71]C:\Windows\Installer\b85db2.msi
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\9D7B51A8A8099FE4AB48A5DE6E7134EE]C:\Windows\Installer\1c5139f.msi
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\CF73C139D4959A341BF02A2F1B0F4389]C:\Windows\Installer\1c513a6.msi
Command & Conquer Generals [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\71008F6089F849C48B8625535896CF23]C:\Windows\Installer\b2131.msi
Command and ConquerTM Generals Zero Hour [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\342C9E3FE221B6D4CA1C1EEF0CF2C61A]C:\Windows\Installer\15fd5e.msi
D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows

\Installer\2494b.msi
FormatFactory [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A4270C0AC9463594FBE17F383096969E]C:

\Windows\Installer\8af156.msi
Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0336A2D4B8F23E11C9048BCAF6798BE8]C:\Windows

\Installer\14c158.msi
Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:

\Windows\Installer\18d57c1.msi
James Bond 007(TM) - Blood Stone [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\233A65A8338FFC54A902F65342508434]C:\Windows\Installer\1930926.msi
Java 7 Update 25 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120752FF]C:

\Windows\Installer\231be95.msi
Java Auto Updater [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401]C:

\Windows\Installer\1b1c42d.msi
Java(TM) 6 Update 33 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120633FF]C:

\Windows\Installer\627c5.msi
JavaFX 2.1.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F6071111A6667304777712318267D401]C:\Windows

\Installer\20f1153.msi
Medal of Honor (TM) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B030514B8E3A264C830149DA53ABAB3]C:

\Windows\Installer\2d37fdf.msi
Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\000021599B0090400000000000F01FEC]C:\Windows\Installer\2494f.msi
Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\0ED9D238CFA898648991D4BBEDDBE3F4]C:\Windows\Installer\2075dcb.msi
Microsoft Office Access MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109510090400000000000F01FEC]C:\Windows\Installer\24a30.msi
Microsoft Office Access Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109711090400000000000F01FEC]C:\Windows\Installer\24a36.msi
Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109030000000000000000F01FEC]C:\Windows\Installer\24a43.msi
Microsoft Office Excel MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109610090400000000000F01FEC]C:\Windows\Installer\249e6.msi
Microsoft Office Groove MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109AB0090400000000000F01FEC]C:\Windows\Installer\249f8.msi
Microsoft Office Groove Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109411090400000000000F01FEC]C:\Windows\Installer\249fe.msi
Microsoft Office InfoPath MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109440090400000000000F01FEC]C:\Windows\Installer\24a04.msi
Microsoft Office OneNote MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\000021091A0090400000000000F01FEC]C:\Windows\Installer\24a3c.msi
Microsoft Office Outlook MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109A10090400000000000F01FEC]C:\Windows\Installer\249ec.msi
Microsoft Office PowerPoint MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109810090400000000000F01FEC]C:\Windows\Installer\249f2.msi
Microsoft Office Proof (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109F10090400000000000F01FEC]C:\Windows\Installer\24a18.msi
Microsoft Office Proof (French) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109F100C0400000000000F01FEC]C:\Windows\Installer\24a11.msi
Microsoft Office Proof (Spanish) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109F100A0C00000000000F01FEC]C:\Windows\Installer\24a0a.msi
Microsoft Office Proofing (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109C20090400000000000F01FEC]C:\Windows\Installer\24a1e.msi
Microsoft Office Publisher MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109910090400000000000F01FEC]C:\Windows\Installer\24a24.msi
Microsoft Office Shared MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109E60090400000000000F01FEC]C:\Windows\Installer\249da.msi
Microsoft Office Shared Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109511090400000000000F01FEC]C:\Windows\Installer\249e0.msi
Microsoft Office Word MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\00002109B10090400000000000F01FEC]C:\Windows\Installer\24a2a.msi
Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]C:

\Windows\Installer\24930.msi
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\2496b.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\16c7df4.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\b25099274a207264182f8181add555d0]C:\Windows\Installer\2134eec.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\1179c71.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\6F9E66FF7E38E3A3FA41D89E8A906A4A]C:\Windows\Installer\1aff49a.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-

18\Products\D20352A90C039D93DBF6126ECE614057]C:\Windows\Installer\17eae2.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-

18\Products\CFD2C1F142D260E3CB8B271543DA9F98]C:\Windows\Installer\24a48.msi
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-

18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\26d12d8.msi
MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows

\Installer\24947.msi
NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67C4BD9B4A105D6498017FAA3667BDFA]C:\Windows

\Installer\1e9e1.msi
Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02]C:

\Windows\Installer\1c436.msi
SkypeT 6.11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E7FF67E4ABEA78C47B88DC745E24B5D9]C:\Windows

\Installer\11352.msi
Steam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9C8928403D4AB094F99FBA20A329833F]C:\Windows

\Installer\32a7b8.msi
swMSM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262]C:\Windows

\Installer\1c43e95.msi
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\3D04254D3B6B9FF42B3445CE3E1E0066]C:\Windows\Installer\2495b.msi
Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\032440EF5AC97F34B985A55C2AA8F133]

C:\Windows\Installer\2497b.msi
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\2B51DA16BD0568647A9341EF81D04492]C:\Windows\Installer\2493b.msi
Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571]

C:\Windows\Installer\24943.msi
Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\55565908215A0914C9DA0B003CD6B6B6]

C:\Windows\Installer\24983.msi
Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\884FD4BEFEAAF6043A14BCA2AA13B509]

C:\Windows\Installer\24967.msi
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\4314AE291D01A814191EA5403531A183]C:\Windows\Installer\24973.msi
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\7F80AB91827CC964A853FBDB6333EB80]C:\Windows\Installer\2498b.msi
Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\775F634D5961F2D4B844CA679CE90020]C:\Windows\Installer\2497f.msi
Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\B6ACDB9A3563B764CA384963D73AFB3E]C:\Windows\Installer\24963.msi
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\4A9D4F432C248434EB4F5E358C54947E]C:\Windows\Installer\24987.msi
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\766F6333940964D4896BC447E3BE5C1B]C:\Windows\Installer\2496f.msi
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\DFDBABC48F94DF74EBD7CEED270725A5]C:\Windows\Installer\2495f.msi
Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B]C:

\Windows\Installer\24957.msi
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\26CEF00243C306D4C98ECE73E2100CF8]C:\Windows\Installer\24953.msi
Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\E97A59ECCF4EFFF4A857920FB449F22F]C:\Windows\Installer\2493f.msi
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\FDEF50A6E266FB64A85210E0F3C1C996]C:\Windows\Installer\24977.msi
Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

\0D00C83EB86A81348A6A7F4D5B1BFDE0]C:\Windows\Installer\4f09c.msi
Windows Movie Maker 2.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F45FAD3B52BD6854E91F692DB41B0488]

C:\Windows\Installer\1388817.msi
Windows XP Mode [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\36CC4731025Bf3f4898E9E20B00FC1FF]C:

\Windows\Installer\2ca3228.msi
YoutubeMovieMaker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\174C480EF8AF8644391F523B1AE39D24]C:

\Windows\Installer\2091a7f.msi

==== Empty Folders Check ======================

C:\Program Files\1C Company
C:\Program Files\Lavasoft
C:\Program Files\SoundSpectrum
C:\Program Files\TorrentSearch
C:\Program Files\WS-Booster
C:\PROGRA~2\4Sync
C:\Users\User\AppData\Roaming\Media Player Classic
C:\Windows\serviceprofiles\Localservice\AppData\Roaming\Xfire
C:\Users\User\AppData\Local\adawarebp
C:\Users\User\AppData\Local\GameSpy
C:\Users\User\AppData\Local\VirtualStore
C:\Users\User\AppData\Local\WMTools Downloaded Files

==== Installed Programs ======================

ćTorrent
7-Zip 9.20
ACDSee Pro 3
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Ahead.Nero v9.4.13.2
AIMP2
ALCATEL PC Suite V6.3.28
ASIO4ALL
Assassin's Creed Revelations
ASUS nVidia Driver
Baidu Antivirus
BitTorrent
Call of Duty
Call of Duty Modern Warfare 2
Call of Duty Modern Warfare 3 version 1.0
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Core FTP LE
CoreAAC
Counter-Strike 1.6
Counter-Strike Global Offensive
D3DX10
DAEMON Tools Lite
Ez To MP3 Converter
Facebook Video Calling 1.2.0.287
FileZilla Client 3.5.2
FL Studio 10
FLV Cutter 1.0
FormatFactory
Gadwin PrintScreen
GOM Player
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
James Bond 007(TM) - Blood Stone
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 37
JavaFX 2.1.1
K-Lite Mega Codec Pack 8.0.0
Mad Riders
Malwarebytes Anti-Malware verzija 1.75.0.1300
MCShield ::Anti-Malware Tool::
Medal of Honor
Medal of Honor (TM)
Metro Last Light
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.6)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
Nokia Connectivity Cable Driver
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 266.77
NVIDIA 3D Vision Driver 266.77
NVIDIA Control Panel 266.77
NVIDIA Drivers
NVIDIA Graphics Driver 266.77
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
Qtracker
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
Skype Click to Call
SkypeT 6.11
SolveigMM AVI Trimmer
SpeedFan (remove only)
Spybot - Search & Destroy
Steam
StreamTransport version: 1.0.2.2171
SUPERAntiSpyware
swMSM
The KMPlayer (remove only)
The Saboteur
The SaboteurT
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
VuaaudIx
webasavee
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
Windows XP Mode
WinRAR archiver
World of Tanks v.0.6.5
WS-Sustainer 1.80
YoutubeAdblocker
YoutubeMovieMaker
Zero Gear Demo

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (Build 7600)
Memory (RAM): 3327 MB
CPU Info: AMD Athlon(tm) II X2 250 Processor
CPU Speed: 3008.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output(Optical) |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GTS 450 | NVIDIA GeForce GTS 450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 3x (E: | I: | J: | ) E: HL-DT-STDVDRAM GH22NS50 | I: DTSOFT BDROM | J: DTSOFT BDROM
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 97.6GB | D: 368.1GB | G: 9.8GB | H: 27.5GB
Hard Disks - Free: C: 50.2GB | D: 85.2GB | G: 1.7GB | H: 7.2GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 06/14/10 | DELL - 42302e31
Time Zone: Central Europe Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. M52LT-D3
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Baidu Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Baidu Antivirus disabled (Outdated)
Default Browser: Windows® Internet Explorer 8.00.7600.16385 (win7_rtm.090713-1255)
Internet Explorer version: 8.0.7600.16385
Mozilla Firefox version: 17.0 (x86 en-US)
Google Chrome version: 32.0.1700.107
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_25 (32-bit)
Flash Player version: 12.0.0.44
Shockwave Player version: 12.0.7r148

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
2014-02-17 13:15:09 C54B767CA838D6DD39CABC8DF017C34C 4048592 ----a-w- C:\Users\User\AppData\Local\temp\a86d3b05-5c83-47c8-be5d-

ca53148a59ee.exe
2014-02-17 13:13:11 061CEC0844761C1A353B40757DC687CA 1728896 ----a-w- C:\Users\User\AppData\Local\temp\aa83aae7-d3b0-408e-b16f-

61e238146a51.exe
====== Java Cache =====
2014-02-14 20:31:04 4CF2CBFA99CD797C4C73C62CBF539CBE 17298 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache

\6.0\2\273acec2-23f56559
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-17 13:15:23 -------- d-----w- C:\Program Files\Lavasoft
2014-02-14 20:33:19 -------- d-----w- C:\Program Files\WS-Booster
2014-02-14 20:32:30 -------- d-----w- C:\Program Files\webasavee
2014-02-14 20:27:29 -------- d-----w- C:\Program Files\SNT
2014-02-14 20:26:38 -------- d-----w- C:\Program Files\YoutubeAdblocker
======= C: =====
2014-02-17 10:54:24 56F600D714371A449070EB29F165392E 275860 ----a-w- C:\cc_20140217_115416.reg
====== C:\Users\User\AppData\Roaming ======
2014-02-17 13:19:23 -------- d-----w- C:\Users\User\AppData\Roaming\LavasoftStatistics
2014-02-17 13:16:55 -------- d-----w- C:\Users\User\AppData\Local\adawarebp
2014-02-14 20:32:30 -------- d-----w- C:\Users\User\AppData\Locallow\{5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012}
2014-02-14 20:27:29 -------- d-----w- C:\Users\User\AppData\Locallow\{0F46BAB1-9407-CD8D-0D7D-F5046023DF34}
2014-02-14 20:26:38 -------- d-----w- C:\Users\User\AppData\Locallow\{F238104A-66D0-9EE3-B3D5-E304E0382661}
2014-02-14 20:26:29 -------- d-----w- C:\Users\User\AppData\Locallow\{4A5D9FC0-AA0B-871C-281D-C30F27577B10}
2014-02-14 20:26:21 -------- d-----w- C:\Users\User\AppData\Local\Comodo
2014-02-14 20:26:21 -------- d-----w- C:\Users\Guest\AppData\Local\Torch
2014-02-14 20:26:21 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-02-14 20:26:21 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-02-14 20:26:21 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch
2014-02-14 20:26:21 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-02-14 20:26:21 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-02-05 10:30:31 -------- d-----w- C:\Users\User\AppData\Roaming\Mikrotik
====== C:\Users\User ======
2014-02-17 13:41:41 -------- d-----w- C:\ProgramData\Baidu
2014-02-17 13:13:11 -------- d-----w- C:\ProgramData\Lavasoft
2014-02-14 20:32:30 -------- d-----w- C:\ProgramData\webasavee
2014-02-14 20:27:29 -------- d-----w- C:\ProgramData\SNT
2014-02-14 20:27:13 -------- d-----w- C:\ProgramData\GreatSoft
2014-02-14 20:26:54 80477A91FF39AF471E001C61CF31A0BD 1154 --sha-r- C:\ProgramData\ntuser.pol
2014-02-14 20:26:38 -------- d-----w- C:\ProgramData\YoutubeAdblocker
2014-02-14 20:26:21 -------- d-----w- C:\Users\Guest\AppData
2014-02-14 20:26:21 -------- d-----w- C:\Users\Administrator\AppData
2014-02-14 20:26:21 -------- d-----w- C:\ProgramData\341c809bbba4f394

====== C: exe-files ==
2014-02-17 13:15:09 C54B767CA838D6DD39CABC8DF017C34C 4048592 ----a-w- C:\Users\User\AppData\Local\temp\a86d3b05-5c83-47c8-be5d-

ca53148a59ee.exe
2014-02-17 13:13:11 061CEC0844761C1A353B40757DC687CA 1728896 ----a-w- C:\Users\User\AppData\Local\temp\aa83aae7-d3b0-408e-b16f-

61e238146a51.exe
2014-02-14 20:32:44 C023BE37240262B15AC48AB871E2F2B4 423424 ----a-w- C:\ProgramData\YoutubeAdblocker\35YnOavi_K.exe
2014-02-14 20:32:31 C023BE37240262B15AC48AB871E2F2B4 423424 ----a-w- C:\ProgramData\webasavee\Bv1t9Wm5TW.exe
2014-02-14 20:28:02 E717F6CE3A7429BFA6D7F3CF66737A4B 15968 --s-a-r- C:\ProgramData\InstallMate\{04490F03-ADFA-403D-A2D6-

E5D8DFAA2DF5}\Setup.exe
2014-02-14 20:27:29 815B3303270EA4CE5A226F0E011F1BD5 420352 ----a-w- C:\ProgramData\SNT\7oE43u.exe
2014-02-14 20:26:54 C023BE37240262B15AC48AB871E2F2B4 423424 ----a-w- C:\ProgramData\YoutubeAdblocker\_Ecvkg.exe
2014-02-14 20:26:38 C023BE37240262B15AC48AB871E2F2B4 423424 ----a-w- C:\ProgramData\YoutubeAdblocker\2P8xHn.exe
=== C: other files ==
2014-02-17 12:59:55 98AA929BDD3D807248B1C334CF577116 57702 ----a-w- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles

\zqpgwt7a.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
2014-02-14 20:32:44 8077C9C6DB93133C8169E1EDF59A0821 9006 ----a-w- C:\ProgramData\YoutubeAdblocker\jngocbeodikkdmacgllhacghlaakffif

\jngocbeodikkdmacgllhacghlaakffif.crx
2014-02-14 20:26:54 95A3C483E71A09A72D45A016F36C8F62 8994 ----a-w- C:\ProgramData\YoutubeAdblocker\cffdheckgkfdkdkaiojeldeifaeieajj

\cffdheckgkfdkdkaiojeldeifaeieajj.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"Baidu Antivirus"="C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe -auto"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Search Protection"="C:\ProgramData\Search Protection\SearchProtection.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wuauserv]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/06/2014 09:44 AM]
C:\Windows\tasks\AutoSmartDefrag.job --a------ C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job --a------ C:\Users\User\AppData\Local\Facebook\Update

\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job --a------ C:\Users\User\AppData\Local\Facebook\Update

\FacebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/07/2011 09:13 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/07/2011 09:13 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job --a------ C:\Users\User\AppData\Local\Google\Update

\GoogleUpdate.exe [09/22/2013 08:19 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job --a------ C:\Users\User\AppData\Local\Google\Update

\GoogleUpdate.exe [09/22/2013 08:19 PM]
C:\Windows\tasks\ZoomExUpdaterTask{6A34AEEC-7877-4C0D-81DC-2955B7C49CFE}.job --ah----- C:\ProgramData\Premium\ZoomEx\ZoomEx.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4596" [wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AutoSmartDefrag" [G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core" [C:\Users\User\AppData\Local\Facebook\Update

\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA" [C:\Users\User\AppData\Local\Facebook\Update

\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core" [C:\Users\User\AppData\Local\Google\Update

\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{2012CD6E-A8EA-4182-A57F-DF7284C8CE6E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\ZoomExUpdaterTask{6A34AEEC-7877-4C0D-81DC-2955B7C49CFE}" [C:\ProgramData\Premium\ZoomEx\ZoomEx.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Zoomex - %ProfilePath%\extensions\50ef17c153b4d@50ef17c153b87.com
- webasavee - %ProfilePath%\extensions\9a0uiei5yb@tbzkkaoo.edu
- Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- YouTube mp3 - %ProfilePath%\extensions\info@youtube-mp3.org
- SNT - %ProfilePath%\extensions\o98.xagm@lryrtkukaieiyoa.com
- Vaudixu - %ProfilePath%\extensions\ook5yuio@em-rx.edu
- VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\plugin@videofiledownload.com
- Keep Tube Downloader - %ProfilePath%\extensions\webmaster@keep-tube.com
- EZ to MP3 Converter - %ProfilePath%\extensions\youtube-mp3@eztomp3.com
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de
- YoutubeAdblocker - %ProfilePath%\extensions\zp0rcpwl@xtsm.org
- Undetermined - %ProfilePath%\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}-TRASH
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Gmail Watcher - %ProfilePath%\extensions\gmailwatcher@sonthakit.xpi
- PageTweak - %ProfilePath%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
- Redirect Remover - %ProfilePath%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
FE5EBC41BC74FEB22D64FCB715F067F5 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
4CD25DDA1221224BB92591756ED12602 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
A0D63D14016C75D718F5432B13FC6576 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
C36444D7301A8C881FC7296B092609C7 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\battlefieldplay4free@ea.com

\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
E6728F685FA215AF79869CB1B5D4A56C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
FC5807B1A2BCEE041A4159431ADD111B - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dpcomnokkgidfbnbfhfpofbgieghedec - C:\Program Files\EzToMP3\eztomp3.crx[09/17/2012 07:13 PM]
joifgdlkhokekeaenpkaehbnjhncglbh - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 09:59 AM]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

Vaudixu - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Vaudixu - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
EZ to MP3 Converter - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec
YTBookMaarK - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
Skype for Chromium - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YoutubeAdblocker - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.rs/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Uninstall List x86 ======================

ćTorrent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
7-Zip 9.20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2701-0920-000001000000}]
ACDSee Pro 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}]
Adobe Flash Player 12 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 12 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader XI (11.0.06) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
Adobe Shockwave Player 12.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
Ahead.Nero v9.4.13.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ahead.Nero_is1]
AIMP2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AIMP2]
ALCATEL PC Suite V6.3.28 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ALCATEL PC Suite_is1]
ASIO4ALL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL]
Assassin's Creed Revelations [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}]
ASUS nVidia Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}]
Baidu Antivirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
BitTorrent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent]
Call of Duty [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Call of Duty]
Call of Duty Modern Warfare 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Call of Duty Modern Warfare 2_is1]
Call of Duty Modern Warfare 3 version 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}

_is1]
Call of Duty(R) 4 - Modern Warfare(TM) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E48469CC-635E-4FD5-A122-1497C286D217}]
Call of Duty(R) 4 - Modern Warfare(TM) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E48469CC-635E-4FD5-A122-

1497C286D217}]
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A15B7D9-908A-4EF9-BA84-

5AEDE61743EE}]
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8A15B7D9-908A-4EF9-

BA84-5AEDE61743EE}]
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{931C37FC-594D-43A9-B10F-

A2F2B1F03498}]
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{931C37FC-594D-43A9-

B10F-A2F2B1F03498}]
Call of Duty: Black Ops [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Call of Duty: Black Ops_is1]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Command & Conquer Generals [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06F80017-8F98-4C94-B868-52358569FC32}]
Command & Conquer Generals [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}]
Command and ConquerTM Generals Zero Hour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}]
Command and ConquerTM Generals Zero Hour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F3E9C243-122E-4D6B-ACC1-

E1FEC02F6CA1}]
Core FTP LE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CoreFTP]
CoreAAC [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CoreAAC]
Counter-Strike 1.6 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}]
Counter-Strike Global Offensive [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Counter-Strike Global Offensive_is1]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
Ez To MP3 Converter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EzToMP3]
Facebook Video Calling 1.2.0.287 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}]
FileZilla Client 3.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client]
FL Studio 10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 10]
FLV Cutter 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Cutter_is1]
FormatFactory [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C0724A-649C-4953-BF1E-F783036969E9}]
Gadwin PrintScreen [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadwin PrintScreen]
GOM Player [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Earth [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}]
Google Talk Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
James Bond 007(TM) - Blood Stone [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A56A332-F833-45CF-9A20-6F3524054843}]
Java 7 Update 25 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217025FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
Java(TM) 6 Update 37 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216033FF}]
JavaFX 2.1.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1111706F-666A-4037-7777-211328764D10}]
K-Lite Mega Codec Pack 8.0.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
Mad Riders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mad Riders_is1]
Malwarebytes Anti-Malware verzija 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
MCShield ::Anti-Malware Tool:: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MCShield]
Medal of Honor (TM) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}]
Medal of Honor [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5A274D69-F9BB-4AA9-85C9-440FA947DF04}_is1]
Metro Last Light [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Metro Last Light_is1]
Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{832D9DE0-8AFC-4689-9819-

4DBBDEBD3E4F}]
Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-

AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-

8DE9A809A6A4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-

BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-

BCB8-725134ADF989}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167

-68EF0DE699A5}]
Mozilla Firefox 17.0 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 17.0 (x86 en-US)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
Mozilla Thunderbird (3.1.6) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird (3.1.6)]
MPEG2 Codec(libmpeg2/mad) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPEG2 Codec(libmpeg2/mad)]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
Nokia Connectivity Cable Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}]
NVIDIA 3D Vision Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA StereoUSB Driver]
NVIDIA 3D Vision Controller Driver 266.77 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.NVIRUSB]
NVIDIA 3D Vision Driver 266.77 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.3DVision]
NVIDIA Control Panel 266.77 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}

_Display.ControlPanel]
NVIDIA Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
NVIDIA Graphics Driver 266.77 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA HD Audio Driver 1.1.13.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_HDAudio.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}]
NVIDIA PhysX System Software 9.10.0514 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.PhysX]
NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo]
Qtracker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Qtracker]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{406FB8A4-F539-48A9-809C-F94706F9C9F6}

_is1]
Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6CF2967-C81E-40C0-9815-C05774FEF120}]
SkypeT 6.11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}]
SolveigMM AVI Trimmer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SolveigMM AVI Trimmer 2.0.1210.11]
SpeedFan (remove only) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedFan]
Spybot - Search & Destroy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1]
Steam [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}]
StreamTransport version: 1.0.2.2171 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1]
SUPERAntiSpyware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}]
swMSM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
The KMPlayer (remove only) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\The KMPlayer]
The Saboteur [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Saboteur_R.G. Mechanics_is1]
The SaboteurT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}]
Total Commander (Remove or Repair) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Totalcmd]
VuaaudIx [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56}]
webasavee [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{61AD15B2-50DB-4686-A739-14FE180D4429}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80956555-A512-4190-9CAD-B000C36D6B6B}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}]
Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}]
Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9]
Windows Media Player Firefox Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}]
Windows Movie Maker 2.6 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}]
Windows XP Mode [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}]
WinRAR archiver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
World of Tanks v.0.6.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1]
WS-Sustainer 1.80 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{927d4ead}]
YoutubeAdblocker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}]
YoutubeAdblocker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40}]
YoutubeMovieMaker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E084C471-FA8F-4468-93F1-25B3A13ED942}]
Zero Gear Demo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 18800]

==== HijackThis Entries ======================

O2 - BHO: SNT - {0F46BAB1-9407-CD8D-0D7D-F5046023DF34} - (no file)
O2 - BHO: VuaaudIx - {4A5D9FC0-AA0B-871C-281D-C30F27577B10} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: webasavee - {5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: YoutubeAdblocker - {F238104A-66D0-9EE3-B3D5-E304E0382661} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MCShield Monitor] C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy

\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash

\FlashPlayerUpdateService.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/18/2014 at 15:46:23.15 ======================

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Ponovo pokreni zoek ;


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;


U beli okvir prozora iskopiraj sledeći tekst:

emptyfolderscheck;delete
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Program Files\webasavee;fs
C:\Program Files\SNT;fs
C:\Program Files\YoutubeAdblocker;fs
C:\ProgramData\webasavee;fs
C:\ProgramData\SNT;fs
C:\ProgramData\YoutubeAdblocker;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"Search Protection"=-;r
C:\ProgramData\Search Protection;fs
Zoomex;ff
webasavee;ff
SNT;ff
YoutubeAdblocker;ff
Undetermined;ff
joifgdlkhokekeaenpkaehbnjhncglbh;chr
C:\ProgramData\TheBflix;fs
gnpnjimeojejhhpfnmiiakafipfnbhej;chr
hhfbaefaccjoefabcglpbmjjaiamodni;chr
igapgnpnmadafimalefljcfplikonjpp;chr
jehicmdojangjbnkjlofokgjpdmmjolh;chr
poglacnclelafehlokdcffihgljekapl;chr
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40}];r
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}];r
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}];r
autoclean;
emptyalltemp;




Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

offline
  • RJ 
  • SuperModerator
  • Supermoderator vojnih foruma
  • Gavrilo Milentijević
  • Komandir stanice milicije Gornje Polje
  • Pridružio: 12 Feb 2005
  • Poruke: 9490
  • Gde živiš: ovalni kabinet

Odrađeno sve kako si rekao - koliko vidim na prvi momenat, nema više onih problema zbog kojih sam tražio pomoć

U svakom slučaju, ako je to to, zahvaljujem na pomoći Ziveli - evo i log file

PS - možeš li mi objasniti šta je tačno bio problem tj. šta je u ovom log file-u ono na šta treba da obratim pažnju i da li ga je Zoek eliminisao ?

************************************************************************

Zoek.exe v5.0.0.0 Updated 17-February-2014
Tool run by User on Tue 02/18/2014 at 16:35:31.16.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.scr [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-18-144623.log 72439 bytes

==== Empty Folders Check ======================

C:\Program Files\1C Company deleted successfully
C:\Program Files\Lavasoft deleted successfully
C:\Program Files\SoundSpectrum deleted successfully
C:\Program Files\TorrentSearch deleted successfully
C:\Program Files\WS-Booster deleted successfully
C:\PROGRA~2\4Sync deleted successfully
C:\Users\User\AppData\Roaming\Media Player Classic deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Roaming\Xfire deleted successfully
C:\Users\User\AppData\Local\adawarebp deleted successfully
C:\Users\User\AppData\Local\GameSpy deleted successfully
C:\Users\User\AppData\Local\VirtualStore deleted successfully
C:\Users\User\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140218_0449_.backup

ProfilePath: C:\Users\User\AppData\Roaming\Thunderbird\Profiles\n3h9i4ig.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140218_0449_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}]

==== Deleting Files \ Folders ======================

C:\ProgramData\Search Protection not found
C:\ProgramData\TheBflix not found
C:\Program Files\webasavee deleted
C:\Program Files\SNT deleted
C:\Program Files\YoutubeAdblocker deleted
C:\ProgramData\webasavee deleted
C:\ProgramData\SNT deleted
C:\ProgramData\YoutubeAdblocker deleted
C:\Users\User\AppData\LocalLow\{4A5D9FC0-AA0B-871C-281D-C30F27577B10} deleted
C:\Users\User\AppData\LocalLow\{5482A6DC-10A1-FED7-2DBB-A1C8B0EF6012} deleted
C:\Users\User\AppData\LocalLow\{F238104A-66D0-9EE3-B3D5-E304E0382661} deleted
C:\Users\User\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Baidu deleted
C:\PROGRA~2\Cloud Software LTD deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\GreatSoft deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\tasks\ZoomExUpdaterTask{6A34AEEC-7877-4C0D-81DC-2955B7C49CFE} deleted
C:\Windows\tasks\ZoomExUpdaterTask{6A34AEEC-7877-4C0D-81DC-2955B7C49CFE}.job deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\jetpack deleted
D:\DOWNLOAD\Download.exe deleted
D:\DOWNLOAD\DownloadSetup.exe deleted
D:\DOWNLOAD\DownloadSetup(1).exe deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\50ef17c153b4d@50ef17c153b87.com deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\9a0uiei5yb@tbzkkaoo.edu deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\o98.xagm@lryrtkukaieiyoa.com deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\ook5yuio@em-rx.edu deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\zp0rcpwl@xtsm.org deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}-TRASH deleted
"C:\PROGRA~2\341c809bbba4f394\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\PROGRA~2\341c809bbba4f394\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~2\341c809bbba4f394\{681002C6-5019-81A2-7871-A43754F71E56}" deleted
"C:\PROGRA~2\341c809bbba4f394\{681002C6-5019-81A2-7871-A43754F71E56}.old" deleted
"C:\PROGRA~2\341c809bbba4f394\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~2\341c809bbba4f394\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\PROGRA~2\341c809bbba4f394\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\PROGRA~2\341c809bbba4f394\{CF830981-8F31-C561-C7A0-FE2CE1878B40}.old" deleted
"C:\PROGRA~2\341c809bbba4f394\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\PROGRA~2\341c809bbba4f394" deleted

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 165
Created time: 2014-02-14 20:26:54
Modified time: 2014-02-14 20:32:44
MD5: 5DF4B6C576BDE444CE0A6B980D4B8D18
SHA1: 7E67FD867B73A1A9AE0C45E3D8254528552F5867


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-02-14 20:26:54 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-02-14 20:26:54 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-02-14 20:32:44 165 ----a-w- 5DF4B6C576BDE444CE0A6B980D4B8D18 C:\Windows\System32\GroupPolicy\gpt.ini

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- YouTube mp3 - %ProfilePath%\extensions\info@youtube-mp3.org
- VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\plugin@videofiledownload.com
- Keep Tube Downloader - %ProfilePath%\extensions\webmaster@keep-tube.com
- EZ to MP3 Converter - %ProfilePath%\extensions\youtube-mp3@eztomp3.com
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Gmail Watcher - %ProfilePath%\extensions\gmailwatcher@sonthakit.xpi
- PageTweak - %ProfilePath%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
- Redirect Remover - %ProfilePath%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
FE5EBC41BC74FEB22D64FCB715F067F5 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
4CD25DDA1221224BB92591756ED12602 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
A0D63D14016C75D718F5432B13FC6576 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
C36444D7301A8C881FC7296B092609C7 - C:\Users\User\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
E6728F685FA215AF79869CB1B5D4A56C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
FC5807B1A2BCEE041A4159431ADD111B - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Deleted Firefox Extensions ======================

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\plugin@videofiledownload.com deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dpcomnokkgidfbnbfhfpofbgieghedec - C:\Program Files\EzToMP3\eztomp3.crx[09/17/2012 07:13 PM]
joifgdlkhokekeaenpkaehbnjhncglbh - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 09:59 AM]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

Vaudixu - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Administrator\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Administrator\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - Guest\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - Guest\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - Guest\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - Guest\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - Guest\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - Guest\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Vaudixu - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
EZ to MP3 Converter - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec
YTBookMaarK - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
Skype for Chromium - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YoutubeAdblocker - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl
Vaudixu - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl
YTBookMaarK - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej
webasavee - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni
Help Save - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
SNT - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh
YoutubeAdblocker - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gnpnjimeojejhhpfnmiiakafipfnbhej deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hhfbaefaccjoefabcglpbmjjaiamodni deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jehicmdojangjbnkjlofokgjpdmmjolh deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poglacnclelafehlokdcffihgljekapl deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully
C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cigddnildmlchiodndbnfppgehdpfkgl deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.rs/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.rs/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\4b596e01-2d68-49b7-86e1-fb009da52b36 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{47032135-3BCB-49C4-C6C2-1A3DB417BFB3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{750993A1-6E71-D63B-3FA7-B7E012541CF6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{766FC967-A63B-8B39-6F0E-53E49641DA47} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92A6A147-2AD6-F738-9C81-8D690F88D989} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9556DDBD-3D31-B652-6C17-64BDD0ADACE0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD69ABCC-A8E1-051D-E276-A873995332DA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCA612C6-085E-0363-E45C-B4E1E9D94C43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\joifgdlkhokekeaenpkaehbnjhncglbh deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\zqpgwt7a.default\Cache emptied successfully
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\yasearch-xb\packages\{0433ad9d-a247-4892-bfaf-58b408d5ed2a}\modules\common\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=547 folders=201 22233446 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\User\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Tue 02/18/2014 at 16:59:39.84 ======================

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Problem je bio adware i silne ekstenzije koje si imao instalirane. Nakon sto smo ih uklonili, problem je naravno nestao Smile

Jos jedna skripta sa Zoek-om, pa zavrsavamo:

Ponovo pokreni zoek ;


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;


U beli okvir prozora iskopiraj sledeći tekst:

C:\Windows\System32\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs




Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.




Zatim





Preuzmi aswMBR i sacuvaj ga na Desktop.

Dvoklikom pokreni aswMBR.

Ukoliko dobijes sledecu poruku:
Would you like to download latest Avast! virus definitions?
Klikni na dugme Yes i pricekaj da se proces preuzimanja definicija zavrsi.


Proveri da je pod AV Scan: izabrana opcija QuickScan

Klikni na Scan.

Kada zavrsi skeniranje ( Scan finished successfully ) klikni Save log.
Sacuvaj aswMBR log na Desktop.
Sadrzaj tog loga iskopiraj u temi.

offline
  • RJ 
  • SuperModerator
  • Supermoderator vojnih foruma
  • Gavrilo Milentijević
  • Komandir stanice milicije Gornje Polje
  • Pridružio: 12 Feb 2005
  • Poruke: 9490
  • Gde živiš: ovalni kabinet

Zoek izveštaj:

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by User on Tue 02/18/2014 at 17:11:24.87.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.scr [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-18-144623.log 72439 bytes
C:\zoek-results2014-02-18-155939.log 34440 bytes

==== Deleting Files \ Folders ======================

C:\Windows\System32\GroupPolicy\Machine deleted
C:\Windows\System32\GroupPolicy\User deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=548 folders=203 22234522 bytes)

==== EOF on Tue 02/18/2014 at 17:12:27.25 ======================


AVAST izveštaj:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-18 17:26:53
-----------------------------
17:26:53.852 OS Version: Windows 6.1.7600
17:26:53.852 Number of processors: 2 586 0x603
17:26:53.852 ComputerName: USER-PC UserName: User
17:26:54.524 Initialize success
17:32:18.547 AVAST engine defs: 14021801
17:32:36.999 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:32:37.009 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38172MB BusType: 3
17:32:37.009 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006a
17:32:37.019 Disk 1 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
17:32:37.149 Disk 1 MBR read successfully
17:32:37.159 Disk 1 MBR scan
17:32:37.179 Disk 1 Windows 7 default MBR code
17:32:37.229 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:32:37.259 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
17:32:37.289 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 376939 MB offset 204800000
17:32:37.309 Disk 1 scanning sectors +976771072
17:32:37.399 Disk 1 scanning C:\Windows\system32\drivers
17:32:45.839 Service scanning
17:33:02.701 Modules scanning
17:33:08.221 Disk 1 trace - called modules:
17:33:08.241 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
17:33:08.241 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86a3f030]
17:33:08.241 3 CLASSPNP.SYS[8c58d59e] -> nt!IofCallDriver -> [0x85b075f8]
17:33:08.261 5 ACPI.sys[8c0283b2] -> nt!IofCallDriver -> \Device\0000006a[0x8686cc78]
17:33:09.141 AVAST engine scan C:\Windows
17:33:11.483 AVAST engine scan C:\Windows\system32
17:35:04.011 AVAST engine scan C:\Windows\system32\drivers
17:35:17.103 AVAST engine scan C:\Users\User
17:39:19.201 AVAST engine scan C:\ProgramData
17:40:28.381 Scan finished successfully
19:24:51.305 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:24:51.305 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

U redu, to bi bilo to Smile

Racunar je sada cist od napasti Mr. Green


Obrisi ovaj fajl rucno, posto ga nisi uneo u skriptu

C:\Windows\System32\GroupPolicy\gpt.ini



Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings


Klikni na dugme "Run" i pričekaj da program završi rad.
Alat ce ukloniti sve koriscene alate u ovoj temi...
Kada alat završi, otvoriće izvestaj u notepadu.
Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Nije potrebno dostavljati izvestaj.



Pozdrav, vrlo dobro vojnice!!! LOL Ziveli

offline
  • RJ 
  • SuperModerator
  • Supermoderator vojnih foruma
  • Gavrilo Milentijević
  • Komandir stanice milicije Gornje Polje
  • Pridružio: 12 Feb 2005
  • Poruke: 9490
  • Gde živiš: ovalni kabinet

Staraću se gosn... Ziveli

Ko je trenutno na forumu
 

Ukupno su 1053 korisnika na forumu :: 41 registrovanih, 5 sakrivenih i 1007 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, A.R.Chafee.Jr., AleksSE, Andrija357, Arahne, Asparagus, Battlehammer, bokisha253, Boris BM, Brana01, Cassius Clay, comi_pfc, dijica, Dimitrije Paunovic, draganca, Duh sa sekirom, FOX, Georgius, hologram, Ivica1102, JOntra, Kriglord, Kubovac, Leonov, lord sir giga, Luka Blažević, Magistar78, MikeHammer, Milos ZA, Milos82, Misirac, nebkv, opt1, Outis, procesor, raptorsi, stegonosa, VJ, Vlada78, wolf431, Zerajic