Opera and Firefox browsers are not working for me

  • Joined: 10 Oct 2013
  • Posts: 25

I have a big problem and I no longer know what to do or how to solve it, so I decided to share my problem with you, in the hope that we will solve it together and that you will help me. Namely, when I want to go into the Opera or Firefox browser, it simply will not open a single web page for me; I cannot do anything, literally nothing. I am asking for your advice, for anyone to help me and tell me what to do; if anyone knows, please help me!!!

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Greetings,
Follow this topic and post the two reports generated by the DDS tool for us.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 10 Oct 2013
  • Posts: 25

Written: 18 Oct 2013 21:19

OK, thank you very much, but I don't know what to do next... Here are those reports:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Kosta at 21:09:02 on 2013-10-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4060.2640 [GMT 2:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.yahoo.com/?.home=yds
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - LocalServer32 - <no file>
BHO: {377e5d4d-77e5-476a-8716-7e70a9272da0} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
EB: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - <orphaned>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6058BB49-502A-406F-BD14-07674A046BE2} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Handler: livecall - <Clsid value has no data>
x64-Handler: msnim - <Clsid value has no data>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: WB - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\szndmk3t.default\
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-10-18 727592]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-18 150256]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-12 17720]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-29 21104]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-10-18 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-10-18 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-10-18 76944]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2013-9-23 46912]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2013-9-23 32064]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2013-9-23 100960]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-10-18 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-16 239616]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-10-9 2104968]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-3-13 9216]
R2 hmip;hmip;C:\Windows\System32\drivers\hmip64.sys [2013-10-13 30056]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-29 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-10 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-10-18 94624]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-29 363800]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-18 67320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-8-24 96768]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-10-18 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-10-18 601360]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-10 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-16 883928]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-10-18 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-10-18 82824]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-4-9 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-4-9 9800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-21 1432400]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-10-18 77120]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-18 17:49:40 757552 ----a-w- C:\ProgramData\1382117756.bdinstall.bin
2013-10-18 17:48:10 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-10-18 17:48:03 -------- d-----w- C:\ProgramData\BDLogging
2013-10-18 17:47:50 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-10-18 17:47:39 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2013-10-18 17:47:39 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-10-18 17:47:39 511328 ----a-w- C:\Windows\capicom.dll
2013-10-18 17:47:32 727592 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-10-18 17:47:32 601360 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-10-18 17:47:32 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-10-18 17:40:13 -------- d-----w- C:\Users\Kosta\AppData\Roaming\Bitdefender
2013-10-18 17:39:39 3271472 ---ha-w- C:\bdr-bz01
2013-10-18 17:36:22 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-10-18 17:36:21 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-10-18 17:23:27 -------- d-----w- C:\Users\Kosta\AppData\Local\ElevatedDiagnostics
2013-10-18 16:54:10 268275 ----a-w- C:\ProgramData\1382115169.bdinstall.bin
2013-10-18 16:54:09 -------- d-----w- C:\Program Files\Bitdefender
2013-10-18 16:49:27 59987 ----a-w- C:\ProgramData\1382114954.bdinstall.bin
2013-10-18 16:49:04 270444 ----a-w- C:\ProgramData\1382114862.bdinstall.bin
2013-10-18 16:48:16 -------- d-----w- C:\ProgramData\Bitdefender
2013-10-18 13:50:36 -------- d-----w- C:\Program Files (x86)\RAMRush
2013-10-18 09:16:18 -------- d-----w- C:\ProgramData\Baidu Security
2013-10-18 09:05:44 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2014
2013-10-18 08:57:56 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-10-16 18:40:24 -------- d-----w- C:\Users\Kosta\AppData\Local\K-Meleon
2013-10-16 17:42:48 108760 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-10-16 17:42:14 883928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-10-16 17:42:14 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-10-16 17:41:13 1233080 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-16 17:40:49 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-16 17:40:47 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-16 17:40:42 571904 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-16 17:40:41 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-16 17:40:39 784384 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-14 08:21:38 -------- d-----w- C:\Users\Kosta\AppData\Local\Comodo
2013-10-14 08:21:33 57096 ----a-w- C:\Windows\System32\certsentry.dll
2013-10-14 08:21:33 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-10-14 08:21:26 -------- d-----w- C:\Program Files (x86)\Comodo
2013-10-14 06:56:01 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2013-10-13 20:41:41 30056 ----a-w- C:\Windows\System32\drivers\hmip64.sys
2013-10-13 20:05:45 -------- d-----w- C:\ProgramData\Stardock
2013-10-13 07:51:21 -------- d-----w- C:\ProgramData\LHService
2013-10-13 07:50:12 -------- d-----w- C:\ProgramData\LockHunter
2013-10-12 23:05:23 91114 ----a-w- C:\ProgramData\1381619117.bdinstall.bin
2013-10-12 23:01:37 90883 ----a-w- C:\ProgramData\1381618874.bdinstall.bin
2013-10-12 23:01:14 -------- d-----w- C:\Users\Kosta\AppData\Roaming\QuickScan
2013-10-12 23:00:33 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-10-12 23:00:29 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2013-10-12 19:01:38 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-10-12 19:01:21 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-10-11 21:00:53 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85D27EA8-49E9-490A-B600-921007BEC9D3}\offreg.dll
2013-10-11 18:51:33 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-10-11 18:51:29 -------- d-----w- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-10-11 08:02:49 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-10-11 07:57:09 -------- d-----w- C:\ProgramData\IObit
2013-10-11 07:47:51 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-11 07:47:19 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85D27EA8-49E9-490A-B600-921007BEC9D3}\mpengine.dll
2013-10-10 22:56:53 -------- d-----w- C:\Users\Kosta\AppData\Local\VS Revo Group
2013-10-10 22:56:46 -------- d-----w- C:\ProgramData\VS Revo Group
2013-10-10 22:08:23 40960 ----a-w- C:\Windows\SysWow64\nwsftUninstall.exe
2013-10-10 17:14:41 -------- d-----w- C:\Users\Kosta\AppData\Roaming\SUPERAntiSpyware.com
2013-10-10 17:13:59 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-10-10 17:13:59 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-10-10 09:11:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-10 09:11:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 13:06:44 -------- d-----w- C:\ProgramData\Readon
2013-10-09 12:35:15 -------- d-----w- C:\Users\Kosta\AppData\Local\HTML Executable
2013-10-09 09:33:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-10-09 09:01:40 -------- d-----w- C:\Users\Kosta\AppData\Local\Macromedia
2013-10-09 08:57:53 -------- d-----w- C:\Users\Kosta\AppData\Local\Mozilla
2013-10-09 08:39:46 -------- d-----w- C:\ProgramData\Licenses
2013-10-09 08:12:35 -------- d-----w- C:\Users\Kosta\AppData\Local\Apple Computer
2013-10-09 08:11:51 -------- d-----w- C:\Users\Kosta\AppData\Local\Apple
2013-10-09 07:52:25 -------- d-----w- C:\Users\Kosta\AppData\Roaming\fltk.org
2013-10-09 07:52:25 -------- d-----w- C:\ProgramData\fltk.org
2013-10-09 07:52:18 -------- d-----w- C:\Users\Kosta\AppData\Roaming\flightgear.org
2013-10-08 06:39:46 20 --sha-w- C:\Users\Kosta\AppData\Roaming\App4870.ConfCollection.bin
2013-10-08 05:51:28 24 --sha-w- C:\Users\Kosta\AppData\Roaming\1D959CA221C7573.sys
2013-10-07 06:30:10 -------- d-----w- C:\Program Files\HitmanPro
2013-10-07 06:29:43 -------- d-----w- C:\ProgramData\HitmanPro
2013-10-06 18:59:19 -------- d-----w- C:\Users\Kosta\AppData\Roaming\Malwarebytes
2013-10-06 18:59:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-03 12:05:32 -------- d-----w- C:\ProgramData\Steam
2013-10-03 11:20:58 -------- d-----w- C:\Users\Kosta\AppData\Local\Programs
2013-10-03 11:18:41 -------- d-----w- C:\Users\Kosta\AppData\Roaming\DAEMON Tools Lite
2013-10-01 15:54:45 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-01 15:35:53 -------- d-----w- C:\Windows\System32\ljkb
2013-10-01 09:36:34 -------- d-----w- C:\Users\Kosta\AppData\Roaming\GmailNotifierPro
2013-10-01 09:36:34 -------- d-----w- C:\Users\Kosta\AppData\Local\GmailNotifierPro
2013-09-29 19:57:01 -------- d-----w- C:\Users\Kosta\AppData\Local\Opera Software
2013-09-29 19:55:37 -------- d-----w- C:\Users\Kosta\AppData\Roaming\ESET
2013-09-29 19:55:15 -------- d-----w- C:\ProgramData\RealNetworks
2013-09-29 17:49:08 -------- d-----w- C:\Program Files\CCleaner
2013-09-29 12:40:58 -------- d-----w- C:\ProgramData\GlarySoft
2013-09-29 12:03:09 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-09-26 20:58:26 -------- d-----w- C:\Users\Kosta\AppData\Roaming\Ashampoo
2013-09-26 20:58:17 -------- d-----w- C:\Users\Kosta\AppData\Local\ashampoo
2013-09-26 20:57:53 -------- d-----w- C:\ProgramData\Ashampoo
2013-09-26 20:57:52 -------- d-----w- C:\Program Files (x86)\Ashampoo
2013-09-23 08:07:23 100960 ----a-w- C:\Windows\System32\drivers\Bprotect.sys
2013-09-23 08:07:22 32064 ----a-w- C:\Windows\System32\drivers\Bfmon.sys
2013-09-23 08:07:21 46912 ----a-w- C:\Windows\System32\drivers\Bfilter.sys
2013-09-23 07:58:27 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-23 07:57:05 -------- d-----w- C:\ProgramData\Nero
2013-09-23 07:13:05 -------- d-----w- C:\Users\Kosta\AppData\Roaming\Baidu Security
2013-09-23 06:11:25 -------- d-sha-r- C:\Winmend~Folder~Hidden
.
==================== Find3M ====================
.
2013-10-18 09:24:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-18 09:24:25 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-17 13:17:38 44120 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys
2013-08-24 15:26:11 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-08-24 15:26:11 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-08-24 14:29:59 57376 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-08-24 14:21:12 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-08-24 14:21:12 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-08-24 14:03:20 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
2013-08-24 14:03:19 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-24 14:03:19 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-08-24 14:03:19 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-08-24 14:03:19 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-24 14:03:19 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-24 14:03:18 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 09:11:08 24352 ----a-w- C:\Windows\System32\RegBootDefrag.exe
.
============= FINISH: 21:10:53,56 ===============




Addendum: 18 Oct 2013 21:27

Addendum: 18 Oct 2013 21:36

I don't know what to do, and it still won't open a single page for me in the Opera and Firefox browsers, please help!

  • Joined: 04 Jul 2011
  • Posts: 5424

Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing the save location opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;
click Scan and wait for the scan to finish;
click Save ... - save the report to the Desktop (under the name Gmer1);
right-click in the Gmer program window and select Options > 3rd party - click Scan;
when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);
click the >>> button and select the Autostart tab;
after the short scan finishes, click Copy;
open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

Ivance95 (AMF Team)

  • Joined: 10 Oct 2013
  • Posts: 25

Written: 18 Oct 2013 23:08

I have just finished scanning the computer with Gmer, exactly as you described.
Here are the following reports:

Addendum: 18 Oct 2013 23:10

Addendum: 18 Oct 2013 23:10

Addendum: 18 Oct 2013 23:11

Addendum: 18 Oct 2013 23:16

Greetings, Ivance, to you and your AMF team. I am asking for your help and opinion, if you can help me so that I can access Opera and Firefox again, because I cannot load a single page in those internet browsers at all; I really do not know what to do any more or what the cause is that I can no longer access these browsers.

Addendum: 19 Oct 2013 0:12

People, does anyone know why I cannot access Opera and Firefox? It is impossible that nobody knows; help if anyone knows. Thanks in advance!

  • Joined: 04 Jul 2011
  • Posts: 5424

Don't worry, you will get an answer, but we are not on duty in the Ambulanta 24/7.

Follow the instructions at the following link and uninstall the remnants of ESET antivirus:
http://kb.eset.com/esetkb/index?page=content&id=soln2289

I recommend that you uninstall IObit Advanced SystemCare 6, since programs of that type often do more harm than good.

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily deactivate protective software (if necessary) Instructions;
run zoek by double-clicking the program icon;
wait for the tool to start ...

Copy the following text into the white box of the window:

{02478D38-C3F9-4EFB-9B51-7695ECA05670};c
{3049C3E9-B461-4BC5-8870-4C09146192CA};c
{377e5d4d-77e5-476a-8716-7e70a9272da0};c
{FE69C007-C452-4d3e-86D2-1730DF8BC871};c
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170};c
{EE932B49-D5C0-4D19-A3DA-CE0849258DE6};c
filesrcm;
startupall;
shortcutfix;
resetIEproxy;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
netsh winsock reset >> %temp%\log.txt;b
ping www.google.com >> %temp%\log.txt;b
resethosts;
shortcutfix;
emptyclsid;
autoclean;
emptyalltemp;


Click the button and wait for the scan to finish.

zoek will, if needed, restart Windows and, at the end of its run, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.
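
A way to cross-check a DDS report against a cleanup script, added here as an example and not part of the original posts or of DDS or zoek: it lists the CLSIDs of browser add-on entries (BHO, EB, IE and their x64- variants) whose target DDS reports as `<orphaned>` or `<no file>`, and compares them with the CLSIDs named in the script above. The function names and the choice of entry types are assumptions; the sample lines are copied from the DDS report and the script in this thread.

```python
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log in this thread.
DDS_EXCERPT = r"""
uStart Page = about:blank
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - LocalServer32 - <no file>
BHO: {377e5d4d-77e5-476a-8716-7e70a9272da0} - <orphaned>
EB: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
Handler: livecall - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

# The CLSID lines and two of the directives from the script posted above.
ZOEK_SCRIPT = """
{02478D38-C3F9-4EFB-9B51-7695ECA05670};c
{3049C3E9-B461-4BC5-8870-4C09146192CA};c
{377e5d4d-77e5-476a-8716-7e70a9272da0};c
{FE69C007-C452-4d3e-86D2-1730DF8BC871};c
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170};c
{EE932B49-D5C0-4D19-A3DA-CE0849258DE6};c
filesrcm;
resethosts;
"""

LINE_RE = re.compile(r"^(?P<kind>(?:x64-)?[A-Za-z]+):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DANGLING = ("<orphaned>", "<no file>")   # markers DDS prints for a missing target
BROWSER_KINDS = {"BHO", "EB", "IE"}      # assumption: entry types worth checking


def dangling_browser_clsids(report):
    """Map each dangling browser add-on CLSID to the DDS entry kinds listing it."""
    found = {}
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind = m.group("kind")
        base = kind[4:] if kind.startswith("x64-") else kind
        rest = m.group("rest")
        if base not in BROWSER_KINDS or not rest.endswith(DANGLING):
            continue
        clsid = CLSID_RE.search(rest)
        if clsid:  # registry CLSIDs are case-insensitive, so normalise
            found.setdefault(clsid.group(0).upper(), []).append(kind)
    return found


def script_clsids(script):
    """All CLSIDs named anywhere in the cleanup script, upper-cased."""
    return {c.upper() for c in CLSID_RE.findall(script)}


def compare(report, script):
    """Dangling CLSIDs the script misses, and script CLSIDs the report does not explain."""
    dangling = set(dangling_browser_clsids(report))
    named = script_clsids(script)
    return {"unaddressed": sorted(dangling - named),
            "unexplained": sorted(named - dangling)}


if __name__ == "__main__":
    for clsid, kinds in dangling_browser_clsids(DDS_EXCERPT).items():
        print(clsid, ",".join(kinds))
    print(compare(DDS_EXCERPT, ZOEK_SCRIPT))
```

For the report in this thread both lists come back empty: every CLSID in the script corresponds to a dangling BHO, EB or IE entry in the DDS log, and no such entry is left out.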

  • Joined: 10 Oct 2013
  • Posts: 25

I have just followed all these steps that you listed for me here, I uninstalled the remnants of ESET, I deleted, as you told me, the program IObit Advanced SystemCare 6 pro and I scanned the computer with the zoek.zip program.
Based on the results that the zoek program delivered to me, I am sending you its following report, that is, the results that zoek scanned:

What should I do next, is there a possibility that the Opera and Firefox browsers will work for me again? Regards, Kosta.






Zoek.exe Version 4.0.0.5 Updated 17-October-2013
Tool run by Kosta on pon 21.10.2013 at 16:43:56,63.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

21.10.2013 16:45:08 System Restore is disabled.
enable_system_restore_reboot;Launched: C:\Users\Kosta\Desktop\zoek.exe [Script inserted] [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe

==== System Restore Info ======================

21.10.2013 16:46:05 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== Installed Programs ======================

µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AIMP3
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Software Update
Ashampoo Burning Studio 2013 v.11.0.5
Bitdefender Total Security
Bonjour
BS.Player FREE
Cabelas Dangerous Hunts 2013
Catalyst Control Center
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Comodo Dragon
Eraser 6.0.10.2620
Euro Truck Simulator 2
Facebook Video Calling 1.2.0.287
Free MP3 Cutter and Editor 2.6
Freemake Video Downloader
Funny Photo Maker 2.2.4
GIMP 2.8.6
GOM Player
Google Chrome
Google Talk Plugin
Google Update Helper
HitmanPro 3.7
Instalirati u My Documents
Intel(R) Management Engine Components
Intelr Trusted Connect Service Client
Java 7 Update 25 (64-bit)
JavaFX 2.2.7 (64-bit)
Junk Mail filter update
K-Lite Codec Pack 9.6.5 (64-bit)
LockHunter 3.0 beta 1, 32/64 bit
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 24.0 (x86 sr)
Mozilla Maintenance Service
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
neroxml
Nimbuzz 2.6.0
NirSoft Wireless Network Watcher
Notepad++
Opera Stable 17.0.1241.45
Paint.NET v3.5.10
PDF Settings CC
Photo Common
Photo Editor 1.1
Photoshine 4.0
Picasa 3
Picture Collage Maker Pro 3.2.0
Prerequisite installer
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.95
Safari
SCANIA Truck Driving Simulator 1.0.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Smart Defrag 2
Software Informer 1.1
SpywareBlaster 5.0
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Device
VirtualDJ Home FREE
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.8
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wise Folder Hider 1.38
Yahoo Messenger

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618\prefs.js:

Added to C:\Users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Batch Command(s) Run By Tool======================

Reseting Interface, OK!
Restart the computer to complete this action.


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


Pinging google.com [193.105.163.249] with 32 bytes of data:
Reply from 193.105.163.249: bytes=32 time=12ms TTL=60
Reply from 193.105.163.249: bytes=32 time=13ms TTL=60
Reply from 193.105.163.249: bytes=32 time=12ms TTL=60
Reply from 193.105.163.249: bytes=32 time=12ms TTL=60

Ping statistics for 193.105.163.249:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms

==== Deleting Files \ Folders ======================


==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) (Build 7600)
Memory (RAM): 4060 MB
CPU Info: Intel(R) Pentium(R) CPU G630T @ 2.30GHz
CPU Speed: 2360,8 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: ATI Radeon HD 5400 Series | ATI Radeon HD 5400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller #2 | Realtek PCIe GBE Family Controller
CD / DVD Drives: 3x (D: | F: | H: | ) D: TSSTcorpCDDVDW SH-222BB | F: EVSH UBS9I3ODE | H: NYBKHG 16VWLMJKL2JC
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 61,4GB | E: 404,2GB
Hard Disks - Free: C: 26,1GB | E: 95,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/30/12 | ACRSYS - 1072009
Time Zone: Standard. vreme u Centr. Evropi
Motherboard *: Gigabyte Technology Co., Ltd. H61M-S1
Country: Srbija
Language: SRM

==== System Specs (Software) ======================

Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Bitdefender Antispyware disabled (Outdated)
Firewall: Bitdefender Firewall disabled
Default Browser: Firefox 24.0
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 24.0 (x86 sr)
Opera Browser version: 17.0.1241.45
Google Chrome version: 30.0.1599.101
Adobe Reader version: 11.0.03.37
Sun Java version: 1.7.0_25 (64-bit)
Flash Player version: 11.9.900.117

==== Files Recently Created / Modified ======================

2013-10-18 17:47:59 285D8E7CAAF9A421DEF33B0E710714B2 1532328 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdts_localization.exe
2013-10-18 17:47:56 FF25539D559E3085DE25D520EB2AF63C 1006600 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdis_localization.exe
2013-10-18 17:47:54 F581EFC2C9BACC27C83D815E3647CAF9 3955304 ----a-w- C:\Program Files\Bitdefender\Bitdefender\support.exe
2013-10-18 17:47:54 E228C336F195FA629D00B02F9FFC5667 94624 ----a-w- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
2013-10-18 17:47:54 2B5F21A6F60CF2F8E14FF6B482E74AA3 2012016 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdts_winxp_winvista_win7_safebox.exe
2013-10-18 17:47:50 E704D3B61601848AC179CCBA68F79C1D 2340264 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdts_winxp_winvista_win7_programfilesfolder.exe
2013-10-18 17:47:50 B07B182ABA1DC4C6123101690E1337E1 21504 ----a-w- C:\Program Files\Bitdefender\Bitdefender\atkblayout.exe
2013-10-18 17:47:50 7583D93E6449096FEB573F6B97BF41C4 783664 ----a-w- C:\Program Files\Bitdefender\Bitdefender\antispam32\bdfvcl.exe
2013-10-18 17:47:50 6854B5B366DBCC7175D41C3D906ED57C 757384 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdfvcl.exe
2013-10-18 17:47:50 32D2620CC7A133D5A25CDF6AABAFA74F 43136 ----a-w- C:\Program Files\Bitdefender\Bitdefender\nativeauth.exe
2013-10-18 17:47:46 F06F367672FC33ED66BB674B4F1D34CD 77120 ----a-w- C:\Program Files\Bitdefender\Bitdefender\lspregistration.exe
2013-10-18 17:47:46 582ABF267A00A066D08DAD72DB0B3283 24608 ----a-w- C:\Program Files\Bitdefender\Bitdefender\mitm_install_tool_pc.exe
2013-10-18 17:47:46 51BA0A715C96561DA37E42C2AAD9C65B 77120 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
2013-10-18 17:47:45 B19AC56DD9263B6DE9039DA1B9593FF5 7306976 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdis_winxp_winvista_win7_programfilesfolder.exe
2013-10-18 17:47:39 D4CA12AB615F99BC1A934E4CAA5B05A9 26704 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\snetcfg.exe
2013-10-18 17:47:39 914C0436D373C4D1CB64B342F7FA0BF4 146864 ----a-w- C:\Program Files\Bitdefender\Bitdefender\support\tools\sysdump.exe
2013-10-18 17:47:39 7CB97D0037B2C732D7B82DAD719DB19B 510208 ----a-w- C:\Program Files\Bitdefender\Bitdefender\supporttool.exe
2013-10-18 17:47:39 57747F80FF29E1C9FB2D244C7A4A1DE2 23552 ----a-w- C:\Program Files\Bitdefender\Bitdefender\st_launcher.exe
2013-10-18 17:47:36 A2C1A0D3272491CB1BAFEA6F5DEB1200 564256 ----a-w- C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
2013-10-18 17:47:36 36AFC08FC79337C92B87930BC1EC1F94 52304 ----a-w- C:\Program Files\Bitdefender\Bitdefender\signcheck.exe
2013-10-18 17:47:35 7E78EDA033B4B53146AC22CA326CD81B 545728 ----a-w- C:\Program Files\Bitdefender\Bitdefender\odslv.exe
2013-10-18 17:47:35 7DFF29576F0F53076BC5F6669B60C5B5 911408 ----a-w- C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
2013-10-18 17:47:34 B99590A98A6940D15D1912AFEBCC3159 312008 ----a-w- C:\Program Files\Bitdefender\Bitdefender\installer\installer.exe
2013-10-18 17:47:34 81AD0FBBFD30D9A4EE837D87699733C4 1140056 ----a-w- C:\Program Files\Bitdefender\Bitdefender\installer\genptch.exe
2013-10-18 17:47:33 CCB47AE36F9575EDEA3CA61D958F4A14 71976 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdsandbox_svchost.exe
2013-10-18 17:47:33 AFBA62AC00E882C127A76ED696A6EC00 412960 ----a-w- C:\Program Files\Bitdefender\Bitdefender\downloader.exe
2013-10-18 17:47:33 AE379A884558C2099BF8735ED3877277 205816 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdsurvey.exe
2013-10-18 17:47:33 A669BC098B98A53B5B75607880EC8B13 26112 ----a-w- C:\Program Files\Bitdefender\Bitdefender\cleanielow.exe
2013-10-18 17:47:33 46BE16E2A0D11915970D4202C409ED88 132192 ----a-w- C:\Program Files\Bitdefender\Bitdefender\certutil.exe
2013-10-18 17:47:33 27A1A4EF30E06CBF2B197781BD44453A 168760 ----a-w- C:\Program Files\Bitdefender\Bitdefender\ejectcdtray.exe
2013-10-18 17:47:33 08AD51F5CCC9D76ABEFAC040405EAF51 24576 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdtkexec.exe
2013-10-18 17:47:32 DDBEB5A63069A133BCDD5E148BBAD3CF 78144 ----a-w- C:\Program Files\Bitdefender\Bitdefender\avchvinst.exe
2013-10-18 17:47:32 67B641B0141C3ED01FC5CA12D41FD35A 24064 ----a-w- C:\Program Files\Bitdefender\Bitdefender\avinfo.exe
2013-10-18 17:47:32 4E8CE4476B26C253DC52D0CE60402B7B 1063336 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdfvwiz.exe
2013-10-18 17:47:32 37C1A2839A630D41596AD74299646322 476736 ----a-w- C:\Program Files\Bitdefender\Bitdefender\antispam32\obkch.exe
2013-10-18 17:47:31 C790289195FFE356D34F1300E91DC054 343272 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdis_winxp_winvista_win7_commonfilesfolder.exe
2013-10-18 17:47:30 DB86A9A856E5FE747EA336ED333140FA 25120 ----a-w- C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe
2013-10-18 17:47:30 BA9072B0FDAB8E98473F869A1D3C32E0 138456 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdaddmtask.exe
2013-10-18 17:47:30 B8AF9F0424F32BF856547FE1432E2C56 71248 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\setloadorder.exe
2013-10-18 17:47:30 8E09D77D29D5EAD14B2C030D2CFC52D6 797560 ----a-w- C:\Program Files\Bitdefender\Bitdefender\antispam32\bdsubwiz.exe
2013-10-18 17:47:30 8D96FE9EB7C90FABD12104D93B74AFA4 317376 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdis_winvista_win7_commonfilesfolder.exe
2013-10-18 17:47:30 87B59F553363516B5BC59A21D1EE535F 539560 ----a-w- C:\Program Files\Bitdefender\Bitdefender\about.exe
2013-10-18 17:47:30 40AE67FF0E16D4AF1E58449938131F2B 50768 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\deloeminfs.exe
2013-10-18 17:47:30 115DE7C191E0DEBA0CB8543FDD975BAD 73296 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\driverctrl.exe
2013-10-18 17:47:29 71937A01231B9F19D19BBE23D54D81B4 33876712 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\parental.exe
2013-10-18 17:46:27 1F7C3080B54B9801EED4E9F4DEBCF169 262272 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\localization_appdata.exe
2013-10-18 17:46:26 968EF1B93407732121D1142DEF9228EE 5946584 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_localization.exe
2013-10-18 17:46:15 92F7C3F9AA6499BE32A20F7E3B38B403 416272 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_winxp_winvista_win7_systemfolder.exe
2013-10-18 17:46:14 CB506813ADAAB56E4293233394783AF7 302472 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_winxp_winvista_win7_system32.exe
2013-10-18 17:46:13 1A0E5322DC1C8696462C604AFE368D87 58582736 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_winxp_winvista_win7_programfilesfolder.exe
2013-10-18 17:44:23 55393C5BFD61316035F24CCF5D017C6D 519376 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_winxp_winvista_win7_commonfilesfolder.exe
2013-10-18 17:44:22 5DECF2CDF775F4B1F3DDC8629AAF4772 394800 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_winvista_win7_programfilesfolder.exe
2013-10-18 17:44:21 047454FC0E4AA4B4C31B8A4E7EE4F34A 5022056 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdav_win7_commonfilesfolder.exe
2013-10-18 17:44:11 2F585A4648F28E61BAC638C5BEBF985E 596760 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\antiphishing.exe
2013-10-18 17:44:09 A3360AA6F99C4E5AFA5A94FF0B301AA8 175356048 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\pluginsx64.exe
2013-10-18 17:39:38 4F7582F70205CE911E526DF2FD174533 70440 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdrescue\bdrinstall.exe
2013-10-18 17:38:45 B2653578BFC38E4275A06047A3BE5812 56635776 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\bdrescue.exe
2013-10-18 17:36:59 5F7856850140293766FC53A15246B9AD 50328 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\gc.exe
2013-10-18 17:36:59 214DF44AC40F112B9FE4B3050B0DC09B 16893424 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\threatscanner.exe
2013-10-18 17:35:54 E8AF847D8FEFC5721C80AD52E2935D19 676568 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
2013-10-18 17:35:53 CD94E7DDC8D52E4DC453CE97076E3881 568400 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\installer.exe
2013-10-18 17:12:01 AEFBD718AF1AABE7820053650C2E2F08 106212 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2013-10-18 17:11:57 0329A45C849C9D77901094B8FFE8BBB9 118680 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2013-10-18 17:10:25 F7818D063FBC3890843083F5BA908B27 1598304 ----a-w- C:\Program Files (x86)\Opera\launcher.exe
2013-10-18 17:10:25 CC71B7F948CB429C0A831405D8CAF8CE 73568 ----a-w- C:\Program Files (x86)\Opera\17.0.1241.45\wow_helper.exe
2013-10-18 17:10:25 3FBD83086F3769B13DAD5302CDD53021 42239840 ----a-w- C:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
2013-10-18 17:10:25 31B8E19430BBC188E56FD23AAF4DA42A 1384288 ----a-w- C:\Program Files (x86)\Opera\17.0.1241.45\opera_crashreporter.exe
2013-10-18 17:10:25 0902C622D1A5126513C49DA97B6E7D2D 2423648 ----a-w- C:\Program Files (x86)\Opera\17.0.1241.45\opera_autoupdate.exe
2013-10-18 16:46:57 E8AF847D8FEFC5721C80AD52E2935D19 676568 ----a-w- C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe
2013-10-18 16:46:57 51D6B456D7F4D1AC4CBAA39B9FCAC908 751704 ----a-w- C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.exe
2013-10-18 13:50:36 9ACE6026E72C923331B0FE6095EE6450 670720 ----a-w- C:\Program Files (x86)\RAMRush\RAMRush.exe
2013-10-18 13:50:36 45BE0ECA502AFD29F741CCD6B502F634 678682 ----a-w- C:\Program Files (x86)\RAMRush\unins000.exe
2013-10-18 08:57:57 BE2EE9C219B016AEC95F604FBFFEE171 2115192 ----a-w- C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe
2013-10-18 08:57:57 0EED9CD892F88435BFD1AE41EF6ED60D 119976 ----a-w- C:\Program Files (x86)\SpywareBlaster\sburlhelper.exe
2013-10-18 08:57:56 AE13FB6BD8086465217F6A063EC3FCC3 715038 ----a-w- C:\Program Files (x86)\SpywareBlaster\unins000.exe
2013-10-18 08:57:56 1BE8001D5C4EEE56A97980CD6987EB40 2557544 ----a-w- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
2013-10-16 17:10:17 1DB5B92E54BA5E4976995B6BE4B0BB81 34615136 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\30.0.1599.101\30.0.1599.101_chrome_installer.exe

=== C: other files ==
2013-10-19 21:30:17 0F96106BC1A6E4C4F0B10800216FBD68 651610 ----a-w- C:\Users\Kosta\AppData\Roaming\Opera Software\Opera Stable\dictionaries\sr.zip
2013-10-18 17:47:50 50F796CB1E8C80F3D19435CB50C3DAB5 76944 ----a-w- C:\Program Files\Bitdefender\Bitdefender\bdvedisk.sys
2013-10-18 17:47:39 C0247341C1BCD7FF2742821D0AD7AFBC 121928 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys
2013-10-18 17:47:39 3FAFE12C5D1D4D5F3567E7A0A2F15A7C 93600 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys
2013-10-18 17:47:34 0A9D58AABD01DA97B1D101473EFA7659 150256 ----a-w- C:\Program Files\Bitdefender\Bitdefender\gzflt.sys
2013-10-18 17:47:32 E058520EEE9DAC4613D846596FF82D92 727592 ----a-w- C:\Program Files\Bitdefender\Bitdefender\avc3.sys
2013-10-18 17:47:32 B239DBA094046EF44303497CF8DC133A 39041 ----a-w- C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxcr.crx
2013-10-18 17:47:32 62C4DB41DAEA0FC1F5CB103B023D1068 601360 ----a-w- C:\Program Files\Bitdefender\Bitdefender\avckf.sys
2013-10-18 17:47:32 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Program Files\Bitdefender\Bitdefender\avchv.sys
2013-10-18 17:47:30 4CE4B0098FC315C237FA8867F07886C4 103504 ----a-w- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
2013-10-18 17:35:54 325A512F98BEB97B1FFBE88927B8090D 389240 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\trufos.sys
2013-10-18 17:35:53 0A9D58AABD01DA97B1D101473EFA7659 150256 ----a-w- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\gzflt.sys

======== System Restore Points ========

RP568: 21.10.2013 16:45:25 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"snp2uvc"="C:\Windows\vsnp2uvc.exe"
"Eraser"="C:\PROGRA~1\Eraser\Eraser.exe --atRestart"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\Driver Booster Update.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cec51022de3734.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 41209bf2-f984-4b6e-9c39-0c574cf94e41.job --a------ [Undetermined Task]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task becf1ce1-1c34-41a8-a22d-6343f361de9b.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Kosta-PC-Kosta" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core" [C:\Users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA" [C:\Users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cec51022de3734" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core" [C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA" [C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1632320590-4188346621-2955904884-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1632320590-4188346621-2955904884-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SmartDefragUpdate" [C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\SmartDefrag_Schedule" [C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 41209bf2-f984-4b6e-9c39-0c574cf94e41" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task becf1ce1-1c34-41a8-a22d-6343f361de9b" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\{6AA3FE0C-6C3C-4329-A5A6-925ECFF7E392}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{AAF3BCF2-54B8-4949-A2FB-138A5AFC2F2D}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{BCB78E9A-7ED8-4D79-9019-4CCF3FFBC50D}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{D91F1552-31AF-4E98-85C5-182C2C17944A}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{DAFF373C-71BD-4597-8E8E-8A464CB81939}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{DDBE8060-3AA4-4C6B-B2F2-D3977AEB00D0}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{E897EDED-4878-4F1F-B6E3-CCA6492BBA0C}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
9C9CBF2993A5FF37607F562028B510F6 - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
04ABD13AB3893DE73AFD48DE075AB8E6 - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
BA6B92B8D1493C958C6CCE0A8DEC57CD - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
101700E93EB905992B518256CB441829 - C:\Users\Kosta\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Kosta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[25.09.2013 16:05]
dlnembnfbcpjnepmfjmngjenhhajpdfd - No path found[]
eoccbpoodnckjdnackiffhjfkogfhnhh - No path found[]
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx[]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - No path found[]
iibmmjhgclhlahmjniokmhleigemjpbh - No path found[]
jbpkiefagocgkmemidfngdkamloieekf - No path found[]
jifflliplgeajjdhmkcfnngfpgbjonjg - No path found[]
kiplfnciaokpcennlkldkdaeaaomamof - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]
mbcjjdjanpccmehilicphhmeobiljcpk - No path found[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - No path found[]
niogeckbkdcabhnapjbkeiklablhjoca - No path found[]
ogccgbmabaphcakpiclgcnmcnimhokcj - No path found[]
pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
iibmmjhgclhlahmjniokmhleigemjpbh - No path found[]

Docs - Kosta - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Bitdefender Wallet - Kosta - Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl
Skype for Chromium - Kosta - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - Kosta - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Kosta\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Kosta\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Kosta\Desktop\Counter-Strike WaRzOnE.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike 1.6 Full v44 WarZone - Online\hl.exe -steam -game cstrike -noipx -nojoy -noforcemparms -noforcemaccel
C:\Users\Kosta\Desktop\DaemonTools.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Kosta\Desktop\Funny Photo Maker.lnk - C:\Program Files (x86)\AnvSoft\Funny Photo Maker\FunnyPhoto.exe
C:\Users\Kosta\Desktop\gimp-2.8 - pre?ica.lnk -
C:\Users\Kosta\Desktop\LFS.lnk - E:\Instalacija igrica i programa\Live for speed\LFS.exe
C:\Users\Kosta\Desktop\LockHunter - pre?ica.lnk -
C:\Users\Kosta\Desktop\My Documents - Shortcut.lnk - C:\Users\Kosta\Documents
C:\Users\Kosta\Desktop\NeroExpress 12.lnk - C:\Program Files (x86)\Nero\Nero 12\Nero Express\NeroExpress.exe
C:\Users\Kosta\Desktop\PaintDotNet - pre?ica.lnk -
C:\Users\Kosta\Desktop\Photo Editor.lnk -
C:\Users\Kosta\Desktop\Photoshine.lnk - C:\Program Files (x86)\Photoshine\photoshine.exe
C:\Users\Kosta\Desktop\Photoshop - pre?ica.lnk -
C:\Users\Kosta\Desktop\RAMRush.lnk - C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\Users\Kosta\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Kosta\Desktop\VirtualDJ Home FREE.lnk - E:\Instalacija igrica i programa\VirtualDJ\virtualdj_home.exe
C:\Users\Kosta\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Kosta\Desktop\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\Kosta\Desktop\WNetWatcher - pre?ica.lnk -
C:\Users\Kosta\Desktop\µTorrent.lnk -
C:\Users\Kosta\Desktop\Plejeri\BS.Player.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
C:\Users\Kosta\Desktop\Plejeri\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Kosta\Desktop\Plejeri\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Kosta\Desktop\Plejeri\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AIMP3.lnk - C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Users\Public\Desktop\Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Users\Public\Desktop\AMCap.lnk - C:\Program Files (x86)\Common Files\SNP2UVC\amcap.exe
C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe
C:\Users\Public\Desktop\Bitdefender Total Security.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\seccenter.exe
C:\Users\Public\Desktop\Cabelas Dangerous Hunts 2013.lnk - E:\Instalacija igrica i programa\Cabelas Dangerous Hunts 2013\Cabelas Dangerous Hunts 2013\dh_2013.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\Public\Desktop\CS 1.6 CS-RELOAD Edition v2.0.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike online 1.6 - Reload edition\hl.exe -nomaster -game cstrike -noforcemparms -noforcemaccel
C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EPMStartLoader.exe
C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\Users\Public\Desktop\Free MP3 Cutter and Editor.lnk - C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\MP3Cutter.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --process-per-tab --enable-sync
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nimbuzz.lnk - C:\Program Files (x86)\Nimbuzz\Nimbuzz.exe
C:\Users\Public\Desktop\Open Office.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Public\Desktop\Opera 17.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk - C:\Program Files (x86)\Picture Collage Maker Pro\PictureCollageMakerPro.exe
C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk - E:\Instalacija igrica i programa\Scania drive simulator\SCANIA Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Smart Defrag 2.lnk - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Users\Public\Desktop\Software Informer.lnk - C:\Program Files (x86)\Software Informer\softinfo.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Public\Desktop\Wise Folder Hider.lnk - C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe
C:\Users\Public\Desktop\Yahoo Messenger.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\Counter-Strike WaRzOnE.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike 1.6 Full v44 WarZone - Online\hl.exe -steam -game cstrike -noipx -nojoy -noforcemparms -noforcemaccel
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\CS Dedicated Server CLI.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike 1.6 Full v44 WarZone - Online\hlds.exe -game cstrike -console -noipx +maxplayers 24 +map de_dust2
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\CS Dedicated Server GUI.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike 1.6 Full v44 WarZone - Online\hlds.exe -game cstrike -noipx
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\Half-Life WaRzOnE.lnk - E:\Instalacija igrica i programa\Counter strike\Counter Strike 1.6 Full v44 WarZone - Online\hl.exe -steam -noipx -nojoy -noforcemparms -noforcemaccel
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Uninstall.lnk - C:\Program Files (x86)\NirSoft\Wireless Network Watcher\uninst.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Wireless Network Watcher Help.lnk - C:\Program Files (x86)\NirSoft\Wireless Network Watcher\WNetWatcher.chm
C:\Users\Kosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Wireless Network Watcher.lnk - C:\Program Files (x86)\NirSoft\Wireless Network Watcher\WNetWatcher.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 15.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 16.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 17.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 2013\Ashampoo Burning Studio 2013 .lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 2013\Help.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\lang\BurningStudio-en-us.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 2013\Readme.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\readme_en_us.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 2013\Uninstall Ashampoo Burning Studio 2013.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender\Bitdefender Safepay.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\antispam32\obk.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender\Bitdefender Total Security.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\seccenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender\Help.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\support\offlinemanual\html\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender\Readme.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\_enHTML\readme.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender\Repair or Uninstall.lnk - C:\Program Files (x86)\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\installer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Uninstall Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Euro Truck Simulator 2 Manual.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Play Euro Truck Simulator 2.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - DirectX.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\bin\win_x86\troubleshoot_dx9.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - OpenGL.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\bin\win_x86\troubleshoot_gl.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - Safe mode.lnk - E:\Instalacija igrica i programa\Euro truck simulator 2\Euro Truck Simulator 2\bin\win_x86\troubleshoot_safe.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --process-per-tab --enable-sync
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Ukloni HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush\RAMRush on the Web.lnk - C:\Program Files (x86)\RAMRush\RAMRush.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush\RAMRush.lnk - C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush\Uninstall RAMRush.lnk - C:\Program Files (x86)\RAMRush\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Smart Defrag 2.lnk - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\Uninstall Smart Defrag 2.lnk - C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk - C:\Program Files (x86)\SpywareBlaster\sbhelp.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk - C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --process-per-tab --enable-sync
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Photoshine.lnk - C:\Program Files (x86)\Photoshine\photoshine.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk - C:\Program Files (x86)\Picture Collage Maker Pro\PictureCollageMakerPro.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --process-per-tab --enable-sync
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera (2).lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 15.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 16.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 17.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -
C:\Users\Kosta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Wireless Network Watcher.lnk - C:\Program Files (x86)\NirSoft\Wireless Network Watcher\WNetWatcher.exe
C:\Users\TEMP.Kosta-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\TEMP.Kosta-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local;<local>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mbcjjdjanpccmehilicphhmeobiljcpk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Windows Event Log (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
snp2uvc = C:\Windows\vsnp2uvc.exe [Sonix]
Eraser = "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [null data]
Bdagent = "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" [Bitdefender]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}\(Default) = Bitdefender Wallet
-> {HKLM...CLSID} = Bitdefender Wallet
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [Bitdefender]
-> {HKLM...Wow...CLSID} = Bitdefender Wallet
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [Bitdefender]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM...CLSID} = Skype add-on for Internet Explorer
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}\(Default) = Bitdefender Wallet
-> {HKLM...CLSID} = Bitdefender Wallet
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [Bitdefender]
-> {HKLM...Wow...CLSID} = Bitdefender Wallet
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [Bitdefender]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM...CLSID} = Skype add-on for Internet Explorer
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

__SafeBox1\(Default) = {152C96EB-288E-4EDC-B7C6-D21F8250ADF3}
-> {HKLM...CLSID} = ExtGreen Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

__SafeBox2\(Default) = {342DAA0B-D796-460D-8566-901E08A1CCAD}
-> {HKLM...CLSID} = ExtRed Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

__SafeBox3\(Default) = {57595DAE-1AE1-4D97-A49E-67CBB53B52DF}
-> {HKLM...CLSID} = ExtYellow
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

__SafeBox4\(Default) = {33816773-98AE-4723-ADE0-EBE54C8B5A67}
-> {HKLM...CLSID} = ExtRootFolder Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} = Bitdefender SafeBox
-> {HKLM...CLSID} = ExtContext Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} = (no title provided)
-> {HKLM...CLSID} = ExtYellow
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{342DAA0B-D796-460D-8566-901E08A1CCAD} = (no title provided)
-> {HKLM...CLSID} = ExtRed Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{2F46275A-B9C5-4C8F-94C0-71BD2B28220C} = (no title provided)
-> {HKLM...CLSID} = ExtPropertySheet Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{33816773-98AE-4723-ADE0-EBE54C8B5A67} = (no title provided)
-> {HKLM...CLSID} = ExtRootFolder Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} = (no title provided)
-> {HKLM...CLSID} = ExtGreen Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{9E96C1F5-0EFA-4348-9460-15D6802C70AA} = BDFVCtxMenuExt
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
-> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

AIMP\(Default) = {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
-> {HKLM...CLSID} = AIMP ShellExt Unit
\InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam]
-> {HKLM...Wow...CLSID} = AIMP ShellExt Unit
\InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam]

ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
-> {HKLM...CLSID} = ANotepad++64
\InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_05.dll [null data]

BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650}
-> {HKLM...CLSID} = Eraser Shell Extension
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\ERASER~3.DLL" [The Eraser Project]

LockHunterShellExt\(Default) = {0BB27CDA-7029-4C0E-9C56-D922B229F0EB}
-> {HKLM...CLSID} = LockHunterShellExtensionHandler Class
\InProcServer32\(Default) = C:\Program Files\LockHunter\LHShellExt64.dll [Crystal Rich Ltd]
-> {HKLM...Wow...CLSID} = LockHunterShellExtensionHandler Class
\InProcServer32\(Default) = C:\Program Files\LockHunter\LHShellExt32.dll [Crystal Rich Ltd]

SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
-> {HKLM...CLSID} = ExtContext Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
-> {HKLM...CLSID} = FileShredderCtxMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM...CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
-> {HKLM...CLSID} = BDMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\NeroShellExt.dll [Nero AG]
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook.6.0\(Default) = {0A920327-8189-4514-86FF-48D5F9C75FD4}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

SafeBoxSheet\(Default) = {2F46275A-B9C5-4C8F-94C0-71BD2B28220C}
-> {HKLM...CLSID} = ExtPropertySheet Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

IVBShlExt\(Default) = {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}
-> {HKLM...Wow...CLSID} = IIVBShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Photo!\Photo! Editor\IvBar\ivbshlext.dll [null data]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

AIMP\(Default) = {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
-> {HKLM...CLSID} = AIMP ShellExt Unit
\InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam]
-> {HKLM...Wow...CLSID} = AIMP ShellExt Unit
\InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam]

BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650}
-> {HKLM...CLSID} = Eraser Shell Extension
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\ERASER~3.DLL" [The Eraser Project]

LockHunterShellExt\(Default) = {0BB27CDA-7029-4C0E-9C56-D922B229F0EB}
-> {HKLM...CLSID} = LockHunterShellExtensionHandler Class
\InProcServer32\(Default) = C:\Program Files\LockHunter\LHShellExt64.dll [Crystal Rich Ltd]
-> {HKLM...Wow...CLSID} = LockHunterShellExtensionHandler Class
\InProcServer32\(Default) = C:\Program Files\LockHunter\LHShellExt32.dll [Crystal Rich Ltd]

{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
-> {HKLM...CLSID} = FileShredderCtxMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM...CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
-> {HKLM...CLSID} = BDMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\NeroShellExt.dll [Nero AG]
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650}
-> {HKLM...CLSID} = Eraser Shell Extension
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\ERASER~3.DLL" [The Eraser Project]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
-> {HKLM...CLSID} = ExtContext Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
-> {HKLM...CLSID} = BDFVCtxMenuExt
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650}
-> {HKLM...CLSID} = Eraser Shell Extension
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\ERASER~3.DLL" [The Eraser Project]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
-> {HKLM...CLSID} = ExtContext Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

{0A920327-8189-4514-86FF-48D5F9C75FD4}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG]

{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
-> {HKLM...CLSID} = FileShredderCtxMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]

{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
-> {HKLM...CLSID} = BDMenu Class
\InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650}
-> {HKLM...CLSID} = Eraser Shell Extension
\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\ERASER~3.DLL" [The Eraser Project]

NBShellHook.6.0\(Default) = {0A920327-8189-4514-86FF-48D5F9C75FD4}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG]


Default executables:
--------------------

.scr
HKCU\Software\Classes\.scr\(Default) = AutoCADScriptFile
HKCU\Software\Classes\AutoCADScriptFile\(Default) = AutoCAD Script
HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = C:\Windows\system32\notepad.exe "%1" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000001
{unrecognized setting}

NoRun = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Run menu from Start Menu}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoRun = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

Homepage = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|
Disable changing home page settings}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

EnableLinkedConnections = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AIMP.EventCDA\
Provider = AIMP3
InvokeProgID = AIMP.EventCDA
InvokeVerb = open
HKCU\Software\Classes\AIMP.EventCDA\shell\open\command\(Default) = C:\Program Files (x86)\AIMP3\AIMP3.exe /CDA %1 [AIMP DevTeam]

AIMP.EventMusic\
Provider = AIMP3
InvokeProgID = AIMP.EventMusic
InvokeVerb = open
HKCU\Software\Classes\AIMP.EventMusic\shell\open\command\(Default) = C:\Program Files (x86)\AIMP3\AIMP3.exe /DIR %1 [AIMP DevTeam]

AlcoholAutoPlayV2.BurnDisc\
Provider = Alcohol 120%
InvokeProgID = AlcoholAutoPlayV2
InvokeVerb = BurnDisc
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe" %1 [Alcohol Soft Development Team]

AlcoholAutoPlayV2.ReadDisc\
Provider = Alcohol 120%
InvokeProgID = AlcoholAutoPlayV2
InvokeVerb = ReadDisc
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe" %1 [Alcohol Soft Development Team]

ASHAshampoo_Burning_Studio_2013BURNONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-burn
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" [Ashampoo]

ASHAshampoo_Burning_Studio_2013COPYONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-copy
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" -copy [Ashampoo]

ASHAshampoo_Burning_Studio_2013RIPONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-rip
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" -rip [Ashampoo]

BSplayerCDDA\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe "%L" [AB Team]

BSplayerMusic\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe "%L" [AB Team]

BSplayerVideo\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe "%L" [AB Team]

GOMPlayDVDOnArrival\
Provider = GOM Player
InvokeProgID = GomPlayer.DVD
InvokeVerb = open
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = "C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE" /open "%1" [empty string]

GOMPlayMediaOnArrival\
Provider = GOM Player
InvokeProgID = GomPlayer.MediaFile
InvokeVerb = open
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = "C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE" /open "%1" [empty string]

KwikMedia11CDAudioOnArrival\
Provider = Nero Kwik Media
InvokeProgID = OpenWithNeroKwikMedia11
InvokeVerb = open
HKLM\SOFTWARE\Classes\OpenWithNeroKwikMedia11\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\KM\KwikMedia.exe" %L\ [Nero AG]

KwikMedia11DVDMovieOnArrival\
Provider = Nero Kwik Media
InvokeProgID = OpenWithNeroKwikMedia11
InvokeVerb = open
HKLM\SOFTWARE\Classes\OpenWithNeroKwikMedia11\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\KM\KwikMedia.exe" %L\ [Nero AG]

KwikMedia11MediaFilesOnArrival\
Provider = Nero Kwik Media
InvokeProgID = ImportWithNeroKwikMedia11
InvokeVerb = open
HKLM\SOFTWARE\Classes\ImportWithNeroKwikMedia11\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\KM\KwikMedia.exe" /Import=%L\ [Nero AG]

KwikMedia11SVCDMovieOnArrival\
Provider = Nero Kwik Media
InvokeProgID = OpenWithNeroKwikMedia11
InvokeVerb = open
HKLM\SOFTWARE\Classes\OpenWithNeroKwikMedia11\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\KM\KwikMedia.exe" %L\ [Nero AG]

KwikMedia11VCDMovieOnArrival\
Provider = Nero Kwik Media
InvokeProgID = OpenWithNeroKwikMedia11
InvokeVerb = open
HKLM\SOFTWARE\Classes\OpenWithNeroKwikMedia11\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\KM\KwikMedia.exe" %L\ [Nero AG]

KwikMedia11WPDOnArrival\
Provider = Nero Kwik Media
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;"C:\Program Files (x86)\Nero\KM\KwikMedia.exe" -Import %1 %2;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NeroBluRayPlayerOnArrival\
Provider = Nero Blu-ray Player
InvokeProgID = OpenWithNeroBluRayPlayer
InvokeVerb = open
HKLM\SOFTWARE\Classes\OpenWithNeroBluRayPlayer\shell\open\command\(Default) = "C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe" %L\ [Nero AG]

NeroBurningROM12CopyCD\
Provider = Nero Burning ROM
InvokeProgID = Nero.BurningROM.12.AutoPlay
InvokeVerb = CopyCD
HKLM\SOFTWARE\Classes\Nero.BurningROM.12.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero Burning ROM\nero.exe -w /Dialog:DiscCopy /SourceDrive:%1 [Nero AG]

NeroBurningROM12LaunchNBR\
Provider = Nero Burning ROM
InvokeProgID = Nero.BurningROM.12.AutoPlay
InvokeVerb = LanchNE
HKLM\SOFTWARE\Classes\Nero.BurningROM.12.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero Burning ROM\nero.exe /Media:AUTO /Drive:%L [Nero AG]

NeroExpress12CopyCD\
Provider = Nero Express
InvokeProgID = Nero.Express.12.AutoPlay
InvokeVerb = CopyCD
HKLM\SOFTWARE\Classes\Nero.Express.12.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy /SourceDrive:%1 [Nero AG]

NeroExpress12LaunchNE\
Provider = Nero Express
InvokeProgID = Nero.Express.12.AutoPlay
InvokeVerb = LanchNE
HKLM\SOFTWARE\Classes\Nero.Express.12.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 12\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG]

NeroVision12VideoCapture\
Provider = Nero Video
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\Nero\Nero 12\Nero Vision\NeroVision.exe" /New:VideoCapture
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]

RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]

RPDVDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /play %1 [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WinampMTPHandler\
Provider = Winamp
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files (x86)\Winamp\winamp.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Adobe online update program -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Kosta-PC-Kosta -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
Driver Booster Scan -> launches: C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scan [file not found]
Driver Booster Update -> launches: C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe /auto [file not found]
FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core -> launches: C:\Users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.]
FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA -> launches: C:\Users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.]
Game_Booster_AutoUpdate -> launches: C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN [file not found]
Google Updater and Installer -> launches: C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA1cec51022de3734 -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core -> launches: C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA -> launches: C:\Users\Kosta\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [file not found]
Java Update Scheduler -> launches: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [file not found]
RealDownloaderDownloaderScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000 -> launches: C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent [RealNetworks, Inc.]
RealDownloaderRealUpgradeLogonTaskS-1-5-21-1632320590-4188346621-2955904884-1000 -> launches: C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck [RealNetworks, Inc.]
RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000 -> launches: C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck [RealNetworks, Inc.]
RealPlayerRealUpgradeLogonTaskS-1-5-21-1632320590-4188346621-2955904884-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.]
RealPlayerRealUpgradeScheduledTaskS-1-5-21-1632320590-4188346621-2955904884-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS]
SmartDefragUpdate -> launches: C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe /autorun [IObit]
SmartDefrag_Schedule -> launches: C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe /SCHEDULE [IObit]
SUPERAntiSpyware Scheduled Task 41209bf2-f984-4b6e-9c39-0c574cf94e41 -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:41209bf2-f984-4b6e-9c39-0c574cf94e41 [SUPERAdBlocker.com]
SUPERAntiSpyware Scheduled Task becf1ce1-1c34-41a8-a22d-6343f361de9b -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:becf1ce1-1c34-41a8-a22d-6343f361de9b [SUPERAdBlocker.com]
{05DDE586-F469-4BB9-8A8D-7EA249A1B8ED} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Delta\delta\1.8.8.8\GUninstaller.exe" -c -uprtc -key "delta" [MS]
{3567968A-74E9-4E8A-8AEE-046CB03B3FE5} -> launches: C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"e:\instalacija igrica i programa\counter strice\Uninst.isu" -c"e:\instalacija igrica i programa\counter strice\HLUNINST.DLL" [MS]
{37EBAE84-4BB4-480A-92B2-737269AC4310} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Kosta\Desktop\InstallPlay89.exe -d C:\Users\Kosta\Desktop [MS]
{539A1500-55F7-4F02-B3E7-5A6BC86CB52B} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe" -d "C:\Program Files (x86)\Optimizer Pro" [MS]
{689E5A5C-8E9C-4F15-AB6E-5CA9AB287E2D} -> launches: C:\Windows\system32\pcalua.exe -a "E:\Bluetooth Peripheral Driver\bthenum{00005557-0000-1000-8000-0002ee000001}.exe" -d "E:\Bluetooth Peripheral Driver" [MS]
{6AA3FE0C-6C3C-4329-A5A6-925ECFF7E392} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/6.2.0.106/sr/abandoninsta.....age=tsMain [Mozilla Corporation]
{75D6DAB5-0D7F-4011-9368-8563FEBCB1AB} -> launches: C:\Windows\system32\pcalua.exe -a "E:\Igrice\Call of duty\Call.of.Duty.Modern.Warfare.3-RELOADED\Setup.EXE" -d "E:\Igrice\Call of duty\Call.of.Duty.Modern.Warfare.3-RELOADED" [MS]
{7D95B966-88ED-4523-8499-B662C13BBD0C} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe" [MS]
{8798D009-CD3C-4BAE-94C3-50E2EAD4955D} -> launches: C:\Windows\system32\pcalua.exe -a "E:\Programi\Nero 7\Nero.exe" -d "E:\Programi\Nero 7" [MS]
{8E8B30F4-F3F9-440A-BC50-526C9CDCCE17} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe" [MS]
{A2BFC085-43A9-4ED3-9D91-C477CACAABCF} -> launches: C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\ [MS]
{A307FB9B-46F8-46EE-8697-141D534A7DC3} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Kosta\Desktop\WDM_R270.exe -d C:\Users\Kosta\Desktop [MS]
{AAF3BCF2-54B8-4949-A2FB-138A5AFC2F2D} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/6.1.0.129.272/sr/abandoni.....age=tsMain [Mozilla Corporation]
{BCB78E9A-7ED8-4D79-9019-4CCF3FFBC50D} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/6.2.0.106/sr/abandoninstall?page=tsMain [Mozilla Corporation]
{CEEAE3D9-69B4-468E-9C69-367A6A17A58D} -> launches: C:\Windows\system32\pcalua.exe -a "E:\BlueSoleil 1.6\Setup.exe" -d "E:\BlueSoleil 1.6" [MS]
{D91F1552-31AF-4E98-85C5-182C2C17944A} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/6.1.0.129.272/sr/abandoni.....age=tsMain [Mozilla Corporation]
{DAFF373C-71BD-4597-8E8E-8A464CB81939} -> launches: "c:\program files (x86)\google\chrome\application\chrome.exe" ui.skype.com/ui/0/6.3.73.105.457/sr/abandoninstall?page=tsWLM [Google Inc.]
{DC40E9C5-7398-40DC-B317-9DEA5DCE7270} -> launches: C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -c /CD [MS]
{DDBE8060-3AA4-4C6B-B2F2-D3977AEB00D0} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/6.1.0.129.272/sr/abandoni.....age=tsMain [Mozilla Corporation]
{E897EDED-4878-4F1F-B6E3-CCA6492BBA0C} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" ui.skype.com/ui/0/5.11.0.102/sr/abandoninstall?page=tsMain [Mozilla Corporation]
{EC435D48-BC90-4279-BE16-D0C9CB9A0010} -> launches: C:\Windows\system32\pcalua.exe -a "E:\Instalacija igrica i programa\Infernal\Uninstall.exe" -d "E:\Instalacija igrica i programa\Infernal" [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1632320590-4188346621-2955904884-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000010\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000010\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button)
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Bitdefender Desktop Update Service, UPDATESRV, "C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe" /service [Bitdefender]
Bitdefender Virus Shield, vsserv, "C:\Program Files\Bitdefender\Bitdefender\vsserv.exe" /service [Bitdefender]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
COMODO Dragon Update Service, DragonUpdater, C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [null data]
FreemakeVideoCapture, FreemakeVideoCapture, "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [null data]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
RealNetworks Downloader Resolver Service, RealNetworks Downloader Resolver Service, "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [null data]
SafeBox, SafeBox, C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [Bitdefender]
SAS Core Service, !SASCORE, "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [SUPERAntiSpyware.com]
Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [Skype Technologies S.A.]
StarWind AE Service, StarWindServiceAE, C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [StarWind Software]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> !SASCORE,
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro37Crusader,
<<!>> HitmanPro37CrusaderBoot,
<<!>> IMFservice, Service
<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> !SASCORE,
<<!>> HideMyIpSRV, service
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro37Crusader,
<<!>> HitmanPro37CrusaderBoot,
<<!>> PEVSystemStart, Service




==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kosta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Kosta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== System Restore Info ======================

21.10.2013 18:22:07 Zoek.exe System Restore Point Created Succesfully.

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kosta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Kosta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on pon 21.10.2013 at 18:22:09,76 ======================

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Quote: enable_system_restore_reboot;Launched: C:\Users\Kosta\Desktop\zoek.exe [Script inserted] [Checkboxes used]
When I give you instructions, you follow them as written; if something is not written there, you do not use it. If you think you know better how the problem should be handled, go ahead and save my time.
You clicked the options: SilentRunners, HijackThis, Chrome Reset, SystemSpec, SystemRestore Info, Installed Programs...
If I had thought they were needed, I would have written so, and I would ask you to stick to the instructions in the future.

Download AppRemover (~ 6MB) to the Desktop.
Run it with a double-click.

Tick I Agree and click Start, wait for the scan to finish, select Baidu and remove it by clicking Remove Selected Applications;
When it finishes, click Reboot Now.

Run zoek again;

close the browser and other running programs;
disable your security software (if necessary; instructions);

Copy the following text into the white box of the window:

C:\PROGRA~2\Ashampoo;fs
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit;fs
C:\Users\Kosta\AppData\Locallow\IObit;fs
C:\Users\Kosta\AppData\Roaming\App4870.ConfCollection.bin;f
C:\Users\Kosta\AppData\Roaming\System5908ConfigCollection.dat;f
C:\Users\Kosta\AppData\Roaming\1D959CA221C7573.sys;f
C:\Users\Kosta\AppData\Roaming\ESET;fs
C:\Users\Kosta\AppData\Roaming\Ashampoo;fs
C:\Users\Kosta\AppData\Local\ashampoo;fs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6;fs
C:\ProgramData\IObit;fs
C:\ProgramData\Ashampoo;fs
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=-;r
C:\Program Files (x86)\Common Files\Spigot;fs
C:\Program Files (x86)\Delta;fs
autoclean;




Click the button and wait for the scan to finish.

If necessary, zoek will restart Windows and, when it has finished, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program is available:
click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions and show a number of notices:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
when it has finished, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the post, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If, after the restart, you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.




Ivance95 (AMF Tim)

offline
  • Pridružio: 10 Okt 2013
  • Poruke: 25

Napisano: 22 Okt 2013 13:23

Ok, I apologize for not following your instructions as you told me and instead going off on my own. From now on I will do exclusively what you tell me here, because if I knew better than you, I wouldn't be asking for your help and opinion here, and it was not my intention to offend anyone here or to waste anyone's work and time, so I apologize once more if I have wasted anyone's time and effort here. But let's move on to the problem itself.


As you told me, I downloaded the AppRemover application, moved it to the computer's desktop, ticked I Agree and clicked Start; however, during the scan, the application I Agree did not find any traces, that is, leftovers of the Baidu program that I had removed from the computer earlier, and so the computer did not ask me for a reboot.

After that I downloaded the Zoek file again and scanned the computer with it, following the instructions as you told me.
When the scan finished, zoek gave me the following results:






Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by Kosta on uto 22.10.2013 at 11:04:59,16.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kosta\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

22.10.2013 11:06:36 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_22.10.2013_1118.zip ======================

Copied folder C:\ProgramData\DAEMON Tools Lite to sample\DAEMON Tools Lite
Copied folder C:\ProgramData\GlarySoft to sample\GlarySoft
sample\DAEMON Tools Lite\license.dat renamed to E852A39837DEE90F9A056FCA52EB2DE5

C:\Users\Public\Desktop\sample_22.10.2013_1118.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Ashampoo deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit deleted
C:\Users\Kosta\AppData\Locallow\IObit deleted
C:\Users\Kosta\AppData\Roaming\ESET deleted
C:\Users\Kosta\AppData\Roaming\Ashampoo deleted
C:\Users\Kosta\AppData\Local\ashampoo deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6 deleted
C:\ProgramData\IObit deleted
C:\ProgramData\Ashampoo deleted
C:\ProgramData\DAEMON Tools Lite deleted
C:\ProgramData\GlarySoft deleted
"C:\Users\Kosta\AppData\Roaming\App4870.ConfCollection.bin" deleted
"C:\Users\Kosta\AppData\Roaming\System5908ConfigCollection.dat" deleted
"C:\Users\Kosta\AppData\Roaming\1D959CA221C7573.sys" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
9C9CBF2993A5FF37607F562028B510F6 - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
04ABD13AB3893DE73AFD48DE075AB8E6 - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
BA6B92B8D1493C958C6CCE0A8DEC57CD - C:\Users\Kosta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
101700E93EB905992B518256CB441829 - C:\Users\Kosta\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Kosta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[25.09.2013 16:05]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]

Docs - Kosta - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Bitdefender Wallet - Kosta - Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl
Skype for Chromium - Kosta - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - Kosta - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kosta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Kosta\AppData\Local\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Kosta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kosta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on uto 22.10.2013 at 11:34:35,92 ======================



Once I had done that, I downloaded ComboFix and moved it to the computer's desktop, and followed the instructions as you laid them out here. In the end, when ComboFix finished scanning, it gave me the following results:




ComboFix 13-10-21.01 - Kosta 22.10.2013 12:35:52.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4060.3092 [GMT 2:00]
Running from: c:\users\Kosta\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1381619117.bdinstall.bin
c:\programdata\1382114862.bdinstall.bin
c:\programdata\1382114954.bdinstall.bin
c:\programdata\1382115169.bdinstall.bin
c:\programdata\1382117756.bdinstall.bin
c:\users\Kosta\AppData\Roaming\Microsoft\Windows\User.dat
c:\users\Kosta\AppData\Roaming\Roaming
c:\users\Kosta\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Legacy_NPF
-------\Service_NEWDRIVER
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-09-22 to 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-22 09:26 . 2013-10-22 10:51 -------- d-----w- c:\users\Kosta\AppData\Local\Temp
2013-10-22 09:26 . 2013-10-22 09:04 24064 ----a-w- c:\windows\zoek-delete.exe
2013-10-19 07:34 . 2013-10-19 07:34 -------- d-----w- c:\program files (x86)\Safari
2013-10-19 07:32 . 2013-10-19 07:33 -------- d-----w- c:\program files\Bonjour
2013-10-19 07:32 . 2013-10-19 07:33 -------- d-----w- c:\program files (x86)\Bonjour
2013-10-19 07:32 . 2013-10-19 07:32 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-10-18 17:48 . 2009-07-14 23:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-10-18 17:48 . 2013-10-18 17:49 -------- d-----w- c:\programdata\BDLogging
2013-10-18 17:47 . 2012-04-17 12:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-10-18 17:47 . 2013-07-23 14:50 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-10-18 17:47 . 2013-02-22 17:46 93600 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2013-10-18 17:47 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-10-18 17:47 . 2013-07-19 16:08 601360 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-10-18 17:47 . 2013-07-19 16:04 727592 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-10-18 17:47 . 2012-11-02 12:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-10-18 17:40 . 2013-10-18 17:49 -------- d-----w- c:\users\Kosta\AppData\Roaming\Bitdefender
2013-10-18 17:39 . 2013-08-13 11:38 3271472 ---ha-w- C:\bdr-bz01
2013-10-18 17:36 . 2013-08-23 11:48 150256 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-10-18 17:36 . 2013-08-07 11:46 389240 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-10-18 17:11 . 2013-10-18 17:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-10-18 17:10 . 2013-10-18 17:10 -------- d-----w- c:\program files (x86)\Opera
2013-10-18 16:54 . 2013-10-18 17:39 -------- d-----w- c:\program files\Bitdefender
2013-10-18 16:48 . 2013-10-18 17:54 -------- d-----w- c:\programdata\Bitdefender
2013-10-18 13:50 . 2013-10-18 13:50 -------- d-----w- c:\program files (x86)\RAMRush
2013-10-18 09:16 . 2013-10-18 09:16 -------- d-----w- c:\programdata\Baidu Security
2013-10-18 08:57 . 2013-10-20 20:29 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-10-16 18:40 . 2013-10-16 18:52 -------- d-----w- c:\users\Kosta\AppData\Local\K-Meleon
2013-10-16 17:42 . 2013-10-16 17:42 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-10-16 17:42 . 2013-10-16 17:42 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-10-16 17:42 . 2013-10-16 17:42 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-10-16 17:41 . 2013-10-16 17:39 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-16 17:40 . 2013-10-16 17:39 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-16 17:40 . 2013-10-16 17:39 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-16 17:40 . 2013-10-16 17:39 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-16 17:40 . 2013-10-16 17:39 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-16 17:40 . 2013-10-16 17:39 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-14 08:21 . 2013-10-14 08:21 -------- d-----w- c:\users\Kosta\AppData\Local\Comodo
2013-10-14 08:21 . 2013-10-14 08:29 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-10-14 08:21 . 2013-10-14 08:29 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-10-14 08:21 . 2013-10-14 08:29 -------- d-----w- c:\program files (x86)\Comodo
2013-10-14 06:56 . 2013-10-14 06:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-10-13 20:41 . 2013-06-19 15:26 30056 ----a-w- c:\windows\system32\drivers\hmip64.sys
2013-10-13 20:05 . 2013-10-13 20:05 -------- d-----w- c:\programdata\Stardock
2013-10-13 07:51 . 2013-10-13 07:51 -------- d-----w- c:\programdata\LHService
2013-10-13 07:50 . 2013-10-16 19:01 -------- d-----w- c:\programdata\LockHunter
2013-10-12 23:01 . 2013-10-12 23:01 90883 ----a-w- c:\programdata\1381618874.bdinstall.bin
2013-10-12 23:01 . 2013-10-12 23:01 -------- d-----w- c:\users\Kosta\AppData\Roaming\QuickScan
2013-10-12 23:00 . 2013-10-18 17:36 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-10-12 23:00 . 2013-10-12 23:00 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2013-10-12 19:01 . 2013-05-22 16:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-10-12 19:01 . 2013-05-22 16:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-10-11 21:00 . 2013-10-11 21:00 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85D27EA8-49E9-490A-B600-921007BEC9D3}\offreg.dll
2013-10-11 18:51 . 2013-10-11 18:51 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-10-11 18:51 . 2013-10-11 18:51 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-10-11 08:02 . 2013-04-17 18:20 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-10-11 07:47 . 2013-09-15 22:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85D27EA8-49E9-490A-B600-921007BEC9D3}\mpengine.dll
2013-10-10 22:56 . 2013-10-10 22:56 -------- d-----w- c:\users\Kosta\AppData\Local\VS Revo Group
2013-10-10 22:56 . 2013-10-10 22:56 -------- d-----w- c:\programdata\VS Revo Group
2013-10-10 22:08 . 2013-10-10 22:08 40960 ----a-w- c:\windows\SysWow64\nwsftUninstall.exe
2013-10-10 17:14 . 2013-10-13 10:32 -------- d-----w- c:\users\Kosta\AppData\Roaming\SUPERAntiSpyware.com
2013-10-10 17:13 . 2013-10-10 17:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-10 17:13 . 2013-10-10 17:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-10 09:11 . 2013-10-10 09:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-10 09:11 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-09 13:06 . 2013-10-09 13:06 -------- d-----w- c:\programdata\Readon
2013-10-09 12:35 . 2013-10-09 12:35 -------- d-----w- c:\users\Kosta\AppData\Local\HTML Executable
2013-10-09 09:33 . 2013-10-09 10:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-09 09:01 . 2013-10-09 09:01 -------- d-----w- c:\users\Kosta\AppData\Local\Macromedia
2013-10-09 08:57 . 2013-10-18 01:20 -------- d-----w- c:\users\Kosta\AppData\Local\Mozilla
2013-10-09 08:39 . 2013-10-13 10:33 -------- d-----w- c:\programdata\Licenses
2013-10-09 08:12 . 2013-10-09 08:47 -------- d-----w- c:\users\Kosta\AppData\Roaming\Apple Computer
2013-10-09 08:12 . 2013-10-09 08:15 -------- d-----w- c:\users\Kosta\AppData\Local\Apple Computer
2013-10-09 08:12 . 2013-10-09 08:12 -------- d-----w- c:\programdata\Apple Computer
2013-10-09 08:11 . 2013-10-09 08:11 -------- d-----w- c:\users\Kosta\AppData\Local\Apple
2013-10-09 08:11 . 2013-10-09 08:11 -------- d-----w- c:\programdata\Apple
2013-10-09 07:52 . 2013-10-09 07:52 -------- d-----w- c:\users\Kosta\AppData\Roaming\fltk.org
2013-10-09 07:52 . 2013-10-09 07:52 -------- d-----w- c:\programdata\fltk.org
2013-10-09 07:52 . 2013-10-09 07:52 -------- d-----w- c:\users\Kosta\AppData\Roaming\flightgear.org
2013-10-07 06:30 . 2013-10-09 11:12 -------- d-----w- c:\program files\HitmanPro
2013-10-07 06:29 . 2013-10-21 17:15 -------- d-----w- c:\programdata\HitmanPro
2013-10-06 18:59 . 2013-10-06 18:59 -------- d-----w- c:\users\Kosta\AppData\Roaming\Malwarebytes
2013-10-06 18:59 . 2013-10-06 18:59 -------- d-----w- c:\programdata\Malwarebytes
2013-10-03 12:05 . 2013-10-03 12:05 -------- d-----w- c:\programdata\Steam
2013-10-03 11:20 . 2013-10-03 11:20 -------- d-----w- c:\users\Kosta\AppData\Local\Programs
2013-10-03 11:18 . 2013-10-18 17:02 -------- d-----w- c:\users\Kosta\AppData\Roaming\DAEMON Tools Lite
2013-10-01 15:54 . 2013-10-13 10:33 -------- d-----w- c:\programdata\AVAST Software
2013-10-01 14:20 . 2013-10-02 06:22 -------- d-----w- c:\users\TEMP
2013-10-01 12:11 . 2013-10-01 12:11 -------- d-----w- c:\users\Kosta\AppData\Roaming\ATI
2013-10-01 09:36 . 2013-10-14 07:17 -------- d-----w- c:\users\Kosta\AppData\Local\GmailNotifierPro
2013-10-01 09:36 . 2013-10-06 07:10 -------- d-----w- c:\users\Kosta\AppData\Roaming\GmailNotifierPro
2013-09-29 19:57 . 2013-10-18 17:10 -------- d-----w- c:\users\Kosta\AppData\Local\Opera Software
2013-09-29 17:49 . 2013-10-10 07:58 -------- d-----w- c:\program files\CCleaner
2013-09-27 10:50 . 2013-09-27 10:50 -------- d-----w- c:\programdata\ATI
2013-09-23 08:07 . 2013-08-16 08:43 100960 ----a-w- c:\windows\system32\drivers\Bprotect.sys
2013-09-23 08:07 . 2013-07-15 03:47 32064 ----a-w- c:\windows\system32\drivers\Bfmon.sys
2013-09-23 08:07 . 2013-07-15 03:47 46912 ----a-w- c:\windows\system32\drivers\Bfilter.sys
2013-09-23 07:58 . 2013-09-23 07:58 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-23 07:57 . 2013-10-12 17:02 -------- d-----w- c:\programdata\Nero
2013-09-23 07:13 . 2013-10-18 09:17 -------- d-----w- c:\users\Kosta\AppData\Roaming\Baidu Security
2013-09-23 06:11 . 2013-10-13 10:33 -------- d---a-r- C:\Winmend~Folder~Hidden
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-18 09:24 . 2012-12-29 04:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-18 09:24 . 2012-12-29 04:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:39 . 2012-12-28 23:26 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-27 05:04 . 2013-09-27 05:04 22 ----a-w- c:\windows\SysWow64\.zip
2013-08-24 15:26 . 2013-04-02 11:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-08-24 15:26 . 2013-04-02 11:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-08-24 14:29 . 2013-08-24 14:29 57376 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-08-24 14:27 . 2013-08-24 14:27 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2013-08-24 14:27 . 2013-08-24 14:27 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-08-24 14:27 . 2013-08-24 14:27 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-08-24 14:27 . 2013-08-24 14:27 3425608 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-08-24 14:27 . 2013-08-24 14:27 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-08-24 14:27 . 2013-08-24 14:27 3693640 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-08-24 14:27 . 2013-08-24 14:27 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2013-08-24 14:27 . 2013-08-24 14:27 1003592 ----a-w- c:\windows\system32\RtkApi64.dll
2013-08-24 14:27 . 2013-08-24 14:27 142408 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-08-24 14:27 . 2013-08-24 14:27 897152 ----a-w- c:\windows\system32\MBAPO64.dll
2013-08-24 14:27 . 2013-08-24 14:27 83072 ----a-w- c:\windows\system32\MBWrp64.dll
2013-08-24 14:27 . 2013-08-24 14:27 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll
2013-08-24 14:27 . 2013-08-24 14:27 920320 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2013-08-24 14:27 . 2013-08-24 14:27 2032896 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2013-08-24 14:27 . 2013-08-24 14:27 2735648 ----a-w- c:\windows\system32\FMAPO64.dll
2013-08-24 14:27 . 2013-08-24 14:27 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-24 14:27 . 2013-08-24 14:27 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2013-08-24 14:27 . 2013-08-24 14:27 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2013-08-24 14:21 . 2013-08-24 14:21 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-08-24 14:21 . 2013-08-24 14:21 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-08-24 14:03 . 2013-08-24 14:03 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-08-24 14:03 . 2013-08-24 14:03 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-24 14:03 . 2013-08-24 14:03 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-08-24 14:03 . 2013-08-24 14:03 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-08-24 14:03 . 2013-08-24 14:03 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-24 14:03 . 2013-08-24 14:03 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-24 14:03 . 2013-08-24 14:03 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-07 02:22 . 2012-12-29 04:34 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 09:11 . 2013-08-20 10:44 24352 ----a-w- c:\windows\system32\RegBootDefrag.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-18 564256]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-18 1004608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-10-18 621448]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2013-09-19 5470488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-10-18 564256]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-10-18 1004608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-10-18 621448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
3;2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 hmip;hmip;c:\windows\system32\Drivers\hmip64.sys;c:\windows\SYSNATIVE\Drivers\hmip64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 07:51 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 09:24]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000Core.job
- c:\users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 15:40]
.
2013-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1632320590-4188346621-2955904884-1000UA.job
- c:\users\Kosta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 15:40]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 19:28]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cec51022de3734.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 19:28]
.
2013-10-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 41209bf2-f984-4b6e-9c39-0c574cf94e41.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-10-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task becf1ce1-1c34-41a8-a22d-6343f361de9b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 13:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 13:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 13:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 13:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-08-24 13538376]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-10-18 1738968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Kosta\AppData\Roaming\Mozilla\Firefox\Profiles\d1vnwbpk.default-1382303665618\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
SafeBoot-IMFservice
Toolbar-10 - (no file)
AddRemove-Ashampoo Burning Studio 2013_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 2013\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1632320590-4188346621-2955904884-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1632320590-4188346621-2955904884-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:dc,0d,b8,ff,a2,a1,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:42,4e,61,e3,a2,a1,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:9f,73,7e,e3,a2,a1,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:18,99,d1,e0,a2,a1,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-22 12:57:18 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-22 10:57
.
Pre-Run: 27.614.707.712 bytes free
Post-Run: 26.629.566.464 bytes free
.
- - End Of File - - 5BEBA67BEDE815A7AC4EFA9475B21678
A36C5E4F47E84449FF07ED3517B43A31



Addendum: 22 Oct 2013 13:26

But Opera and Mozilla Firefox still don't work for me; whatever I type, they won't open a single page. I really don't know what to do anymore.

Addendum: 22 Oct 2013 13:28

Opera is one of my favorite web browsers, and so is Mozilla; it's driving me crazy that they don't work.

Addendum: 22 Oct 2013 13:32

I also see that Internet Explorer doesn't work, and neither does Google Chrome. The only way I can access the internet is through the Safari and Comodo Dragon browsers.

Addendum: 22 Oct 2013 14:02

Since AppRemover couldn't find the remnants of the Baidu program that I had earlier removed from the computer, I tried right-clicking My Computer on the desktop and went into Properties. I went to Device Manager, then View, then Show hidden devices, and under Non-Plug and Play Drivers I found Baidu, as you told me. I uninstalled it, after which the computer asked to be restarted. After the restart I removed it, but still nothing changes with the browsers.

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Your computer is clean as far as malware is concerned; we have nothing more to do here. The problem is probably caused by programs such as: IOBIT, Game Booster, RAMRush, Glary Utilities ...etc.
Open a topic in the Windows subforum; they will continue resolving the problem:
http://www.mycity.rs/Windows/



ComboFix needs to be uninstalled:
click Start (or ), and then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.




Download "Xplode"'s DelFix and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this topic...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to submit the report.





I recommend that you use the MCShield program to protect USB storage devices.

You can download the program from THIS link. After installing the program, plug in your USB storage devices and they will be scanned. At the end of the scan you will get either a report that the device is clean or a notification about removed malware.

Ivance95 (AMF Team)
