Koci internet

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

1. Dodjoh malo pre iz grada i imao sta da vidim, komp radi katastrofa, internet kao da imam dialap..
Uradio mu skeniranje sa Esencijalom, Adw, deinstalaciom nepotrebnih programa i nema napredka.
P.s .. i ciscenje broswer-a.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014
Ran by prle (administrator) on PRLE-PC on 08-12-2014 20:58:23
Running from C:\Muzika
Loaded Profiles: prle & UpdatusUser (Available profiles: prle & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: engleski (SAD)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Stardock Corporation) C:\Program Files\Stardock\WindowBlinds\WBSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files\Stardock\WindowBlinds\WBCore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TopLang Software) C:\Program Files\Password Door\TLPD.EXE
(BitTorrent Inc.) C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Users\prle\AppData\Local\Skillbrains\lightshot\5.1.4.34\Lightshot.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Luxand Blink!] => C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe [7630656 2012-02-07] (Luxand, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [3992208 2014-10-03] (Stardock Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [] => [X]
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [Password Door] => C:\Program Files\Password Door\TLPD.EXE [61952 2008-03-22] (TopLang Software)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [uTorrent] => C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-12] (BitTorrent Inc.)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3639568 2014-07-10] (Disc Soft Ltd)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30528608 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {1ac22040-806c-11e3-b5d0-806e6f6e6963} - H:\setup.exe
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [Password Door] => C:\Program Files\Password Door\TLPD.EXE [61952 2008-03-22] (TopLang Software)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [LightShot] => C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
Startup: C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\prle\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> DefaultScope {72302D6D-935C-4346-A5BB-96881B825ED8} URL = https://search.yahoo.com/search?fr=chr-greentree_i.....549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> {72302D6D-935C-4346-A5BB-96881B825ED8} URL = https://search.yahoo.com/search?fr=chr-greentree_i.....549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {32D5563E-5F7D-4739-96F8-18D1390F66B7} URL = http://www.dogpile.com/search/web?fcoid=417&fc.....ql=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {3A748936-3C4B-4965-A0AA-94D2CA2592F8} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=2cf1ec7b0000000000006c626d450386&affilt=3&r=553
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {9E06BDCF-0BDA-468E-B603-AEFD462C9890} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=2cf1ec7b0000000000006c626d450386&r=669
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF SearchPlugin: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: LavaFox V2 - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\info@djzig.com [2014-10-09]
FF Extension: Lightweight Themes Manager - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\lwthemes-manager@loucypher.xpi [2014-03-17]
FF Extension: Stylish - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-03-17]
FF Extension: YouTube High Definition - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-03-17]
FF Extension: Adblock Plus - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.rs/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Auto Replay for YouTube™) - C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-12-05]
CHR Extension: (Google новчаник) - C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WindowBlinds; C:\Program Files\Stardock\WindowBlinds\wbsrv.exe [84592 2014-03-10] (Stardock Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2012-10-18] (Atheros Communications, Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2014-12-02] (Disc Soft Ltd)
S3 gggen; C:\Windows\System32\DRIVERS\gggen.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed]
S3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed]
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-03] (Sony Mobile Communications)
S3 hcdriver; C:\Windows\System32\DRIVERS\hcdriver.sys [55208 2013-08-21] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-07-20] (REALiX(tm))
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl37cef3d6; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF0773D-A24F-4CC3-BC2F-0A927F53E5A8}\MpKsl37cef3d6.sys [39464 2014-12-08] (Microsoft Corporation)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2014-01-18] (Duplex Secure Ltd.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:48 - 2014-12-08 20:48 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-12-08 20:48 - 2014-12-08 20:48 - 00000000 ____D () C:\Users\prle\Documents\Sports Interactive
2014-12-08 20:47 - 2014-12-08 20:47 - 00002214 _____ () C:\Users\prle\Desktop\Play Football Manager 2015.lnk
2014-12-08 20:43 - 2014-12-08 20:47 - 00000000 ____D () C:\Program Files\Football Manager 2015
2014-12-08 20:39 - 2014-12-08 20:39 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-08 20:39 - 2014-12-08 20:39 - 00000000 __RSH () C:\IO.SYS
2014-12-08 20:33 - 2014-12-08 20:33 - 00001194 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-08 20:33 - 2014-12-08 20:33 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-08 20:33 - 2014-12-08 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-08 20:33 - 2014-12-08 20:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-08 20:33 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-08 19:16 - 2014-12-08 19:16 - 00006874 _____ () C:\Users\prle\Desktop\JRT.txt
2014-12-08 19:09 - 2014-12-08 19:09 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 19:06 - 2014-12-08 19:09 - 01707646 _____ (Thisisu) C:\Users\prle\Desktop\JRT.exe
2014-12-08 01:36 - 2014-12-08 19:01 - 00000000 ____D () C:\Users\prle\Documents\Football Manager 2015 PC full game ^^nosTEAM^^
2014-12-08 01:34 - 2014-12-08 01:34 - 00001042 _____ () C:\Users\prle\Desktop\Torntv Downloader.lnk
2014-12-07 06:27 - 2014-12-07 06:27 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Verimatrix
2014-12-07 06:24 - 2014-12-07 06:24 - 00000000 ____D () C:\Program Files\Verimatrix
2014-12-04 04:30 - 2014-12-04 04:43 - 00000000 ____D () C:\The.Orphanage.2007.1080p.BluRay.x264.anoXmous
2014-12-02 23:07 - 2014-12-08 19:12 - 00004988 _____ () C:\Windows\PFRO.log
2014-12-02 23:07 - 2014-12-08 19:12 - 00003472 _____ () C:\Windows\setupact.log
2014-12-02 23:07 - 2014-12-02 23:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 23:06 - 2014-12-02 23:06 - 00000794 _____ () C:\Users\prle\Desktop\Half-Life WaRzOnE.lnk
2014-12-02 23:06 - 2014-12-02 23:06 - 00000732 _____ () C:\Users\prle\Desktop\HLDS.lnk
2014-12-02 23:06 - 2014-12-02 23:06 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2014-12-02 23:06 - 2014-12-02 23:06 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2014-12-02 22:59 - 2014-12-02 22:59 - 02154496 _____ () C:\Users\prle\Documents\adwcleaner_4.103.exe
2014-12-02 22:42 - 2014-12-08 20:47 - 00001337 _____ () C:\Users\prle\Desktop\visit www.nosteam.ro.lnk
2014-12-02 22:11 - 2014-12-02 22:30 - 00000000 ____D () C:\Football Manager 2015 PC full game ^^nosTEAM^^
2014-12-02 21:13 - 2014-12-02 21:13 - 00000000 ____D () C:\Users\prle\AppData\Local\Disc_Soft_Ltd
2014-12-02 21:06 - 2014-12-02 21:07 - 00000000 ____D () C:\Users\prle\AppData\Roaming\DAEMON Tools Ultra
2014-12-02 21:06 - 2014-12-02 21:06 - 00024704 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtscsibus.sys
2014-12-02 21:06 - 2014-12-02 21:06 - 00001899 _____ () C:\Users\Public\Desktop\DAEMON Tools Ultra.lnk
2014-12-02 21:06 - 2014-12-02 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2014-12-02 21:05 - 2014-12-02 21:06 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra
2014-12-02 21:05 - 2014-12-02 21:05 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2014-12-02 19:57 - 2014-12-02 20:56 - 00000000 ____D () C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM
2014-12-01 02:07 - 2014-12-01 02:07 - 00000000 ____D () C:\Users\prle\Desktop\Nova fascikla (3)
2014-11-28 18:11 - 2014-12-08 20:58 - 00000000 ____D () C:\Muzika
2014-11-28 17:42 - 2014-11-28 18:03 - 192866304 _____ () C:\Users\prle\Downloads\YouPorn - Once in the pink then in the stink Shock Wave.mpg
2014-11-23 19:23 - 2014-12-08 19:12 - 00000506 ____H () C:\Windows\Tasks\BrickBooster-S-1408900467.job
2014-11-23 19:22 - 2014-11-23 19:22 - 00000000 ____D () C:\ProgramData\bpjmjekfgokdfmobdiaeahaoepiibceh
2014-11-23 19:21 - 2014-11-23 19:21 - 00000000 ____D () C:\ProgramData\okkcpilbalclmgpkckfamkookccfniao
2014-11-22 23:44 - 2014-11-22 23:49 - 00000000 ____D () C:\StarLite
2014-11-22 23:44 - 2014-11-22 23:44 - 00000606 _____ () C:\Users\UpdatusUser\Desktop\StarLite.lnk
2014-11-22 23:44 - 2014-11-22 23:44 - 00000606 _____ () C:\Users\prle\Desktop\StarLite.lnk
2014-11-22 23:44 - 2014-11-22 23:44 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarLite Astrology
2014-11-22 23:44 - 2014-11-22 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarLite Astrology
2014-11-17 18:25 - 2014-11-17 18:25 - 00000000 ____D () C:\Users\prle\AppData\Local\Skillbrains
2014-11-17 04:09 - 2014-11-17 04:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-11-16 16:03 - 2014-11-16 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-11-16 16:03 - 2014-11-16 16:03 - 00001936 _____ () C:\Users\prle\Desktop\Customize Fences.lnk
2014-11-12 22:08 - 2014-11-12 22:08 - 00000000 ____D () C:\Users\prle\Desktop\Nikola Slike
2014-11-12 21:48 - 2014-12-05 16:10 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:58 - 2014-08-25 12:19 - 00000000 ____D () C:\FRST
2014-12-08 20:54 - 2013-06-28 11:51 - 00000000 ____D () C:\Users\prle\AppData\Roaming\uTorrent
2014-12-08 20:53 - 2014-07-27 00:56 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Skype
2014-12-08 20:41 - 2013-07-25 18:20 - 00000000 ____D () C:\Games
2014-12-08 20:39 - 2014-03-04 19:39 - 00000000 ____D () C:\WinSetupFromUSB
2014-12-08 20:30 - 2013-06-28 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 20:25 - 2013-08-28 16:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 19:38 - 2014-07-18 21:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 19:19 - 2013-06-28 11:15 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 19:16 - 2014-07-27 21:37 - 01946542 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 19:14 - 2014-07-20 14:19 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 19:12 - 2014-07-24 20:07 - 00000000 ____D () C:\ProgramData\MCShield
2014-12-08 19:12 - 2013-08-28 16:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 19:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 19:11 - 2014-08-25 21:09 - 00000000 ____D () C:\AdwCleaner
2014-12-08 01:39 - 2014-08-07 20:20 - 00000000 ____D () C:\Program Files\Football Manager 2014
2014-12-07 22:38 - 2013-08-20 20:26 - 02390016 ___SH () C:\Users\prle\Desktop\Thumbs.db
2014-12-07 22:21 - 2009-07-14 05:34 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 22:21 - 2009-07-14 05:34 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:01 - 2013-07-16 20:46 - 00000000 ____D () C:\Users\prle\AppData\Local\Windows Live
2014-12-05 16:10 - 2014-07-18 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 16:10 - 2014-07-18 21:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-04 18:21 - 2013-08-28 16:40 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-04 18:20 - 2013-06-28 11:59 - 00000000 ____D () C:\Program Files\Google
2014-12-03 22:27 - 2013-06-28 12:09 - 00000000 ___RD () C:\Program Files\Skype
2014-12-03 22:27 - 2013-06-28 12:09 - 00000000 ____D () C:\ProgramData\Skype
2014-12-03 15:25 - 2014-08-04 12:39 - 00000000 ____D () C:\Users\prle\AppData\Local\CrashDumps
2014-12-02 23:06 - 2014-05-15 15:18 - 00001698 _____ () C:\Users\prle\Desktop\Counter-Strike WaRzOnE.lnk
2014-12-02 23:06 - 2014-01-21 03:15 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 23:06 - 2013-08-29 19:15 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-02 23:06 - 2013-08-29 19:15 - 00000971 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-02 23:06 - 2013-08-28 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 23:06 - 2013-06-28 11:48 - 00000897 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-02 23:06 - 2013-06-28 11:11 - 00001106 _____ () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-02 22:52 - 2013-07-19 12:46 - 00000102 _____ () C:\Users\prle\AppData\default.pls
2014-12-02 22:38 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2014-12-02 22:32 - 2014-02-14 22:22 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-12-02 22:13 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-02 21:01 - 2013-07-08 19:46 - 00000000 ____D () C:\Users\prle\AppData\Local\Sports Interactive
2014-11-28 18:05 - 2014-05-26 23:00 - 00211456 ___SH () C:\Users\prle\Downloads\Thumbs.db
2014-11-27 07:51 - 2013-06-28 12:11 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Winamp
2014-11-27 07:50 - 2014-07-17 18:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-26 15:30 - 2013-06-28 12:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 15:30 - 2013-06-28 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 14:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-11-21 06:14 - 2014-07-18 21:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-18 21:21 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-07-18 21:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-17 18:25 - 2013-11-22 22:39 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-11-16 16:05 - 2014-10-07 01:33 - 00000000 ____D () C:\Users\prle\AppData\Local\Stardock
2014-11-16 16:05 - 2014-01-08 17:54 - 00000000 ____D () C:\ProgramData\Stardock
2014-11-16 16:03 - 2014-10-07 01:36 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2014-11-16 16:03 - 2014-10-07 01:32 - 00000000 ____D () C:\Users\prle\Downloads\Stardock
2014-11-16 16:03 - 2014-01-08 17:47 - 00000000 ____D () C:\Program Files\Stardock
2014-11-13 13:13 - 2013-07-04 16:38 - 00000000 ____D () C:\Users\prle\AppData\Roaming\PC Suite
2014-11-12 23:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 23:25 - 2014-07-07 01:49 - 00000000 ____D () C:\Windows\pss
2014-11-12 22:08 - 2013-11-25 16:42 - 00000000 ____D () C:\Users\prle\Desktop\Nova fascikla (2)
2014-11-12 22:04 - 2013-06-29 21:06 - 00058016 _____ () C:\Users\prle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 22:03 - 2009-07-14 05:33 - 03665440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 21:43 - 2014-08-25 23:56 - 00000000 ____D () C:\Users\prle\AppData\Local\FluxSoftware
2014-11-12 20:14 - 2013-06-28 11:10 - 00000000 ____D () C:\Users\prle

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 12:52

==================== End Of Log ============================

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

KMP Service



Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {1ac22040-806c-11e3-b5d0-806e6f6e6963} - H:\setup.exe
Startup: C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\prle\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {32D5563E-5F7D-4739-96F8-18D1390F66B7} URL = http://www.dogpile.com/search/web?fcoid=417&fc.....ql=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {3A748936-3C4B-4965-A0AA-94D2CA2592F8} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=2cf1ec7b0000000000006c626d450386&affilt=3&r=553
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {9E06BDCF-0BDA-468E-B603-AEFD462C9890} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=2cf1ec7b0000000000006c626d450386&r=669
Task: {8EB3FF3F-91E6-47DB-8FB8-1753DBCFC3EC} - System32\Tasks\BrickBooster-S-1408900467 => c:\programdata\trusted publisher\systemaugmenter\BrickBooster.exe <==== ATTENTION
Task: C:\Windows\Tasks\BrickBooster-S-1408900467.job => c:\programdata\trusted publisher\systemaugmenter\BrickBooster.exe <==== ATTENTION
C:\Users\prle\Desktop\Torntv Downloader.lnk
C:\ProgramData\bpjmjekfgokdfmobdiaeahaoepiibceh
C:\ProgramData\okkcpilbalclmgpkckfamkookccfniao
C:\Users\prle\AppData\Roaming\TornTV.com
c:\programdata\trusted publisher
C:\Windows\pss\MyPC Backup.lnk.Startup
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Korak 3

Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadržaj tog loga u poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

1)Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2014
Ran by prle at 2014-12-08 22:37:12 Run:2
Running from D:\RAd
Loaded Profiles: prle & UpdatusUser (Available profiles: prle & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {1ac22040-806c-11e3-b5d0-806e6f6e6963} - H:\setup.exe
Startup: C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\prle\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {32D5563E-5F7D-4739-96F8-18D1390F66B7} URL = http://www.dogpile.com/search/web?fcoid=417&fc.....ql=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {3A748936-3C4B-4965-A0AA-94D2CA2592F8} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=2cf1ec7b0000000000006c626d450386&affilt=3&r=553
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {9E06BDCF-0BDA-468E-B603-AEFD462C9890} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=2cf1ec7b0000000000006c626d450386&r=669
Task: {8EB3FF3F-91E6-47DB-8FB8-1753DBCFC3EC} - System32\Tasks\BrickBooster-S-1408900467 => c:\programdata\trusted publisher\systemaugmenter\BrickBooster.exe <==== ATTENTION
Task: C:\Windows\Tasks\BrickBooster-S-1408900467.job => c:\programdata\trusted publisher\systemaugmenter\BrickBooster.exe <==== ATTENTION
C:\Users\prle\Desktop\Torntv Downloader.lnk
C:\ProgramData\bpjmjekfgokdfmobdiaeahaoepiibceh
C:\ProgramData\okkcpilbalclmgpkckfamkookccfniao
C:\Users\prle\AppData\Roaming\TornTV.com
c:\programdata\trusted publisher
C:\Windows\pss\MyPC Backup.lnk.Startup
EmptyTemp:
*****************

"HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac22040-806c-11e3-b5d0-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{1ac22040-806c-11e3-b5d0-806e6f6e6963}" => Key not found.
C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\prle\AppData\Roaming\TornTV.com\TornTV Downloader.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32D5563E-5F7D-4739-96F8-18D1390F66B7}" => Key deleted successfully.
"HKCR\CLSID\{32D5563E-5F7D-4739-96F8-18D1390F66B7}" => Key not found.
"HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A748936-3C4B-4965-A0AA-94D2CA2592F8}" => Key deleted successfully.
"HKCR\CLSID\{3A748936-3C4B-4965-A0AA-94D2CA2592F8}" => Key not found.
"HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E06BDCF-0BDA-468E-B603-AEFD462C9890}" => Key deleted successfully.
"HKCR\CLSID\{9E06BDCF-0BDA-468E-B603-AEFD462C9890}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EB3FF3F-91E6-47DB-8FB8-1753DBCFC3EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EB3FF3F-91E6-47DB-8FB8-1753DBCFC3EC}" => Key deleted successfully.
C:\Windows\System32\Tasks\BrickBooster-S-1408900467 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickBooster-S-1408900467" => Key deleted successfully.
C:\Windows\Tasks\BrickBooster-S-1408900467.job => Moved successfully.
C:\Users\prle\Desktop\Torntv Downloader.lnk => Moved successfully.
C:\ProgramData\bpjmjekfgokdfmobdiaeahaoepiibceh => Moved successfully.
C:\ProgramData\okkcpilbalclmgpkckfamkookccfniao => Moved successfully.
"C:\Users\prle\AppData\Roaming\TornTV.com" => File/Directory not found.
"c:\programdata\trusted publisher" => File/Directory not found.
C:\Windows\pss\MyPC Backup.lnk.Startup => Moved successfully.
EmptyTemp: => Removed 254.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

2)
Zoek.exe v5.0.0.0 Updated 06-December-2014
Tool run by prle on pon 08.12.2014 at 22:45:26,15.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\RAd\zoek\zoek.exe.com [Scan all users] [Script inserted]

==== System Restore Info ======================

8.12.2014 22:46:30 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Stardock\WindowBlinds\wbsrv.exe
C:\Program Files\Stardock\WindowBlinds\WBCore.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Password Door\TLPD.EXE
C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files\nvidia corporation\nvidia update core\daemonu.exe
R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - c:\program files\spybot - search & destroy 2\sdfssvc.exe
R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - c:\program files\spybot - search & destroy 2\sdupdsvc.exe
R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - c:\program files\spybot - search & destroy 2\sdwscsvc.exe
R2 - [WindowBlinds] - Stardock WindowBlinds - c:\program files\stardock\windowblinds\wbsrv.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Usluga deljenja putem mreĹľe za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [Disc Soft Bus Service] - Disc Soft Bus Service - c:\program files\daemon tools ultra\discsoftbusservice.exe
R3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NBService] - NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [SwitchBoard] - SwitchBoard - c:\program files\common files\adobe\switchboard\switchboard.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Usluga tehnologije aktivacije operativnog sistema Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [sptd] - sptd - C:\Windows\system32\Drivers\sptd.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - UpravljaÄŤki program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [vmbus] - Virtual Machine Bus - C:\Windows\system32\Drivers\vmbus.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO TDI upravljačkog programa podrške koji je zastareo - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\prle\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-12-08 19:33:22 B9BB8E2093C1615AD6EA55AD96214354 27192 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-12-02 20:06:12 50778FE9ED67AEB01EA99877B1B4A4DF 24704 ----a-w- C:\Windows\System32\drivers\dtscsibus.sys
2014-11-17 03:09:40 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-08 19:43:57 -------- d-----w- C:\Program Files\Football Manager 2015
2014-12-08 19:33:19 -------- d-----w- C:\Program Files\VS Revo Group
2014-12-07 05:24:25 -------- d-----w- C:\Program Files\Verimatrix
2014-12-02 20:05:56 -------- d-----w- C:\Program Files\DAEMON Tools Ultra
======= C: =====
2014-12-08 19:39:47 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-08 19:39:47 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS
2014-12-08 18:09:19 8D987BE841B404B83E6CE18C33C44C88 55 ----a-w- C:\AdwCleanerDebug.txt
====== C:\Users\prle\AppData\Roaming ======
2014-12-07 05:27:06 -------- d-----w- C:\Users\prle\AppData\Roaming\Verimatrix
2014-12-02 22:06:10 -------- d-----w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2014-12-02 22:06:10 -------- d-----w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2014-12-02 20:13:47 -------- d-----w- C:\Users\prle\AppData\Local\Disc_Soft_Ltd
2014-12-02 20:06:33 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\DAEMON Tools Ultra
2014-12-02 20:06:08 -------- d-----w- C:\Users\prle\AppData\Roaming\DAEMON Tools Ultra
2014-11-17 17:25:18 -------- d-----w- C:\Users\prle\AppData\Local\Skillbrains
====== C:\Users\prle ======
2014-12-08 19:48:47 -------- d-----w- C:\Users\Public\Documents\Sports Interactive
2014-12-08 19:33:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-08 19:33:23 -------- d-----w- C:\ProgramData\VS Revo Group
2014-12-08 18:06:51 C254F3ECEB9B1AC795BA6B25DE008EBA 1707646 ----a-w- C:\Users\prle\Desktop\JRT.exe
2014-12-02 21:59:34 CBDDB6C4BCD895F8879FD6AC588007A0 2154496 ----a-w- C:\Users\prle\Documents\adwcleaner_4.103.exe
2014-12-02 20:06:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2014-12-02 20:05:16 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra
2014-11-16 15:03:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock

====== C: exe-files ==
2014-12-08 19:47:36 EF57A9F676A44C3E47EA8387D5FB2489 277335 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\Launcher.exe
2014-12-08 19:47:30 7E79B84448B712B6536B1C21CCCDDE32 667418 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\helper.exe
2014-12-08 19:47:28 8E0C538D5F64F4F12CCF0281153153E8 40662296 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\fm.exe
2014-12-08 19:38:31 ABC402529E7BA1644A1FF8F1BF4EE691 10691640 ----a-w- C:\Muzika\RevoUninProSetup (2).exe
2014-12-08 19:38:31 ABC402529E7BA1644A1FF8F1BF4EE691 10691640 ----a-w- C:\Muzika\RevoUninProSetup (1).exe
2014-12-08 19:33:23 04EFED15350A230218D3884C95C1931F 7151696 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe
2014-12-08 19:33:22 446C40ECEB7B0E909537333B94C02DA8 2903104 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
2014-12-08 19:33:22 2F01619771F819E6558FC33D1EC78C96 76752 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe
2014-12-08 19:33:20 38D29ACC358AC6ACE20F85AE72EBE557 13551672 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
2014-12-08 19:26:32 ABC402529E7BA1644A1FF8F1BF4EE691 10691640 ----a-w- C:\Muzika\RevoUninProSetup.exe
2014-12-08 18:06:16 AF506E0B71016682293AC3814A7D62BA 2153472 ----a-w- C:\Muzika\AdwCleaner.exe
2014-12-08 00:35:42 B64DD60B742363347B5EEFFD50598846 479616 ----a-w- C:\Muzika\Football_Manager_2015_PC_full_game_^^nosTEAM^^ (5).exe
2014-12-08 00:35:38 B64DD60B742363347B5EEFFD50598846 479616 ----a-w- C:\Muzika\Football_Manager_2015_PC_full_game_^^nosTEAM^^ (4).exe
2014-12-08 00:35:17 B64DD60B742363347B5EEFFD50598846 479616 ----a-w- C:\Muzika\Football_Manager_2015_PC_full_game_^^nosTEAM^^ (3).exe
2014-12-08 00:34:21 B64DD60B742363347B5EEFFD50598846 479616 ----a-w- C:\Muzika\Football_Manager_2015_PC_full_game_^^nosTEAM^^.exe
2014-12-04 17:21:03 EB1482D0C28EA78549B936F06ACC4FDE 40749136 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.71\39.0.2171.71_chrome_installer.exe
2014-12-04 17:20:24 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
2014-12-04 17:20:23 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2014-12-04 17:20:23 3A636A2846DD05FADF9ECE085D770468 880784 ----a-w- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
2014-12-04 17:20:23 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
2014-12-04 17:20:22 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdate.exe
2014-12-04 17:20:22 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
2014-12-04 17:20:22 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
2014-12-04 17:20:22 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
2014-12-04 17:17:27 3A636A2846DD05FADF9ECE085D770468 880784 ----a-w- C:\Muzika\ChromeSetup (1).exe
2014-12-04 17:14:54 D3FD16D606C2D1FB20BA106432C9A2AF 880784 ----a-w- C:\Muzika\ChromeSetup.exe
2014-12-02 22:06:06 FCCD7F257294E8C981419DDE93602FF7 101376 ----a-w- C:\Games\Counter-Strike\valve\addons\amxmodx\scripting\amxxpc.exe
2014-12-02 22:06:06 FCCD7F257294E8C981419DDE93602FF7 101376 ----a-w- C:\Games\Counter-Strike\cstrike\addons\amxmodx\scripting\amxxpc.exe
2014-12-02 22:06:06 5C37F632B39008B214420721FEE1E6CE 102912 ----a-w- C:\Games\Counter-Strike\valve\addons\amxmodx\scripting\compile.exe
2014-12-02 22:06:06 5C37F632B39008B214420721FEE1E6CE 102912 ----a-w- C:\Games\Counter-Strike\cstrike\addons\amxmodx\scripting\compile.exe
2014-12-02 22:06:06 035D09E67DDED2A7636D04EEB620C3B9 122880 ----a-w- C:\Games\Counter-Strike\cstrike\addons\amxmodx\data\WinCSX.exe
2014-12-02 22:00:21 BAD0DBA74F8A580B02DAFDB3C39CEFF2 268591972 ----a-w- C:\Muzika\Counter-Strike.exe
2014-12-02 21:11:07 5600EB94AAF12790BEDEC74A97E7E396 1309733498 ----a-r- C:\Football Manager 2015 PC full game ^^nosTEAM^^\FM-2015-nosTEAM.exe
2014-12-02 20:06:12 5DD397A26283341EFCB0D33AD497BC83 48376 ----a-w- C:\Program Files\DAEMON Tools Ultra\dtinst.exe
2014-12-02 20:00:16 30F345C27665C8E1851AAABA68795B50 667418 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\helper.exe
2014-12-02 20:00:15 2470DF8CB057A8C56393104C21E39B70 40669464 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\fm.exe
2014-12-02 20:00:14 880A353DC9AB4202F2CFBEC1CB37181D 299864 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\_CommonRedist\DirectX\dxwebsetup.exe
=== C: other files ==
2014-12-08 19:47:40 1C671BC760392AB83138D7D6D0C12DD5 226 ----a-w- C:\Program Files\Football Manager 2015\update-FM2015.bat
2014-12-08 19:47:40 0D5D0E0DF696E34D3538BBC29B420318 226 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\update-FM2015.bat
2014-12-08 19:47:08 B1DCC937513875AF569BF822DE7060B3 951 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\data\sigfx\textures\convert.bat
2014-12-08 19:46:27 74E2CCA5841194DC6F5701B5479DFD19 749 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\data\sigfx\players\skin\male\convert.bat
2014-12-08 19:46:27 6DD6932AFF65B9683A4F2C1FCEB970F7 329 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\data\sigfx\players\goalkeeper\convert.bat
2014-12-08 19:46:27 4552BE5EE6657A29641A822F2F5C9AFE 407 ----a-w- C:\Program Files\Football Manager 2015\Football Manager 2015\data\sigfx\players\outfield\convert.bat
2014-12-08 19:39:47 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-08 19:39:47 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS
2014-12-08 19:33:22 B9BB8E2093C1615AD6EA55AD96214354 27192 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-12-08 19:33:22 B9BB8E2093C1615AD6EA55AD96214354 27192 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.sys
2014-12-02 20:06:12 50778FE9ED67AEB01EA99877B1B4A4DF 24704 ----a-w- C:\Windows\System32\drivers\dtscsibus.sys
2014-12-02 20:06:12 50778FE9ED67AEB01EA99877B1B4A4DF 24704 ----a-w- C:\Program Files\DAEMON Tools Ultra\dtscsibus.sys
2014-12-02 19:56:07 B1DCC937513875AF569BF822DE7060B3 951 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\data\sigfx\textures\convert.bat
2014-12-02 19:56:07 74E2CCA5841194DC6F5701B5479DFD19 749 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\data\sigfx\players\skin\male\convert.bat
2014-12-02 19:56:07 6DD6932AFF65B9683A4F2C1FCEB970F7 329 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\data\sigfx\players\goalkeeper\convert.bat
2014-12-02 19:56:07 4552BE5EE6657A29641A822F2F5C9AFE 407 ----a-w- C:\3DMGAME-Football.Manager.2015.v15.1.3.(zabranjeno)ed-3DM\Football Manager 2015\data\sigfx\players\outfield\convert.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Password Door"="C:\PROGRA~1\PASSWO~1\TLPD.EXE"
"uTorrent"="C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Ultra Agent"="C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Password Door"="C:\PROGRA~1\PASSWO~1\TLPD.EXE"
"LightShot"="C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Luxand Blink\Program Files\Luxand\Blink\LuxandBlinkTray.exe /s"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Fences"="C:\Program Files\Stardock\Fences\Fences.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files\MCShield\mcshieldrtm.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Password Door"="C:\PROGRA~1\PASSWO~1\TLPD.EXE"
"uTorrent"="C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Ultra Agent"="C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3RVX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="3RVX"
"hkey"="HKCU"
"command"="C:\\Program Files\\3RVX\\3RVX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chatango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Chatango"
"hkey"="HKCU"
"command"="C:\\Program Files\\Chatango\\Chatango.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Pro Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f.lux]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="f.lux"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeAC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeAC"
"hkey"="HKCU"
"command"="C:\\Program Files\\FreeAlarmClock\\FreeAlarmClock.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightShot"
"hkey"="HKCU"
"command"="C:\\Users\\prle\\AppData\\Local\\Skillbrains\\lightshot\\Lightshot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaSuite.exe"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Password Door]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Password Door"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\PASSWO~1\\TLPD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM.EXE"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\SkypEmoticons\\SE.exe\" /minimized "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony Ericsson PC Suite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPDriver"
"hkey"="HKLM"
"command"="C:\\Program Files\\ShopperPro\\JSDriver\\1.37.0.202\\jsdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TP-LINK Wireless Configuration Utility.lnk"
"backup"="C:\\Windows\\pss\\TP-LINK Wireless Configuration Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TP-LINK\\TP-LIN~1\\TWCU.exe -nogui"
"item"="TP-LINK Wireless Configuration Utility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Alarm Clock Pro.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Aquarius Soft PC Alarm Clock Pro.lnk"
"backup"="C:\\Windows\\pss\\Aquarius Soft PC Alarm Clock Pro.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\AQUARI~1\\PCALAR~1\\alarm.exe /Startup"
"item"="Aquarius Soft PC Alarm Clock Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Fences.lnk"
"backup"="C:\\Windows\\pss\\Fences.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Stardock\\Fences\\Fences.exe /startup"
"item"="Fences"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"
"backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MYPCBA~1\\MYPCBA~1.EXE "
"item"="MyPC Backup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Stardock ObjectDock.lnk"
"backup"="C:\\Windows\\pss\\Stardock ObjectDock.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe "
"item"="Stardock ObjectDock"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26.11.2014 15:30]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04.12.2014 18:20]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04.12.2014 18:20]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe"]
"C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe"]
"C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
- LavaFox V2 - %ProfilePath%\extensions\info@djzig.com
- Undetermined - %ProfilePath%\extensions\lwthemes-manager@loucypher.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default
- Test Pilot for Thunderbird - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
8303B3CEC05500F763B4FA75210598BB - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
9759358F96AD19A9BC6E7314FB99D830 - C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
D6BCD0765A259DB2481C082DDBD86AD7 - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Clip to OneNote - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Auto Replay for YouTube™ - prle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
Google Wallet - prle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Clip to OneNote - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{72302D6D-935C-4346-A5BB-96881B825ED8}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E90424D-0616-420E-8E5C-6B6FD05CD6D7} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{72302D6D-935C-4346-A5BB-96881B825ED8} Yahoo Url="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on pon 08.12.2014 at 22:52:13,92 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk];r
C:\Users\prle\AppData\Roaming\SkypEmoticons;fs
C:\Program Files\ShopperPro;fs
C:\\Program Files\AVG Secure Search;fs
aobhabljihdjejjfhfjoifpginokoaji;chr
baglmalcondloklnfgimjaljakojgooo;chr
dpejaigcnihfpkghmgbkldlhpmoodlic;chr
eglhenilcnljodgkoganfogeejaobbfb;chr
hngegahohpjkdinobobplbepfnjhiapi;chr
jnfiknodfamfadimbpboenlekogbbpan;chr
jonkilmpochnfeolnaemapokondgjmdo;chr
mpiodijhokgodhhofbcjdecpffjipkle;chr
najbgfecdkpcinmghjdnppcpocdffmag;chr
emptyalltemp;
emptyclsid;
shortcutfix;
autoclean;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadržaj tog loga u poruku.