Prosím o kontrolu logu, přes firefox vyskakují různé reklamy

Zpráva

rada85 · #1 Příspěvek od **rada85** » 05 dub 2015 08:14

Nefunguje ani blokování oken a ani AD Block

Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2015-04-05 09:10:50
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 140 GB (70%) free of 200 GB
Total RAM: 4032 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:04, on 5.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: 3cbeccd0f561013193a909dd7c8eb7090062182 - {11111111-1111-1111-1111-110611211182} - C:\Program Files (x86)\Shopp_Upe_1.8\Shopp_Upe_1.8-bho.dll (file missing)
O2 - BHO: SaleeSMaigneet - {23c4a9ae-1a6d-453f-8565-44680b7f1e17} - C:\ProgramData\SaleeSMaigneet\DK7EkINJXpTIZs.dll (file missing)
O2 - BHO: FinEDDealSoft - {329da942-ae15-46d2-b983-1491bd88112c} - C:\ProgramData\FinEDDealSoft\qidC37ULxpZ3wf.dll (file missing)
O2 - BHO: dealPeak - {d72c64bb-d587-473b-affe-0f27582eb844} - C:\ProgramData\dealPeak\DaH1U0Ja40IbUs.dll (file missing)
O2 - BHO: RoiyyalShoppearAAppi - {ed2594bd-2ee9-43de-84d6-2a162dd61f1b} - C:\ProgramData\RoiyyalShoppearAAppi\LDLoYZHzBhABo3.dll (file missing)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8211 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\igfxCUIService.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
taskeng.exe {8C27ECD0-6C70-4154-8BDC-00680F5FCB6A}
"C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe" /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='8744cc2e44458d78deb18f3f05c7aa96' /verifier='67d74c9a0900f8f721982bbf1832b051' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1427993863' /runfrom='task' /brwtype='notbg' /postponedhours='6'
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20150216192849.log C:\Windows\Logs\CBS\CbsPersist_20150216192849.cab
\??\C:\Windows\system32\conhost.exe "-2075027366992427188-378920900-4015435468829859718444036755203921141916219352
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=612.22bc4780.888654122 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 612 "\\.\pipe\gecko-crash-server-pipe.612" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash3128.6EC4BE28.9915 --host-broker-channel=Flash3128.6EC4BE28.1144 --host-pid=3128 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=3160.002CF76C.171964706 --proxy-stub-channel=Flash3128.6EC4BE28.9915 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=28 --type=renderer
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-bfa10dc3-7514-410e-9a0c-3e168b277b41 -SystemEventPortName:HostProcess-f3a02e45-35fa-4c95-83d6-c761d75217c8 -IoCancelEventPortName:HostProcess-cc90ce10-55eb-4043-a436-121b7e9c5217 -NonStateChangingEventPortName:HostProcess-31e7cb70-78f4-4b65-a4be-999a828ede39 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:29d2d889-30b9-437d-943f-c54fe44a9333 -DeviceGroupId:WpdFsGroup
"F:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\mr_fun_notification_service.job - C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='8744cc2e44458d78deb18f3f05c7aa96' /verifier='67d74c9a0900f8f721982bbf1832b051' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1427993863' /runfrom='task' /brwtype='notbg' /postponedhours='6'
C:\Windows\tasks\mr_fun_updating_service.job - C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe /campid=2913 /verid=1 /url=http://cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=mr_fun_updating_service /funurl=http://stats.buildomserv.com
C:\Windows\tasks\zvjarNrd1S4wtm5U3ky8nFa.job - C:\Users\User\AppData\Roaming\zvjarNrd1S4wtm5U3ky8nFa.exe --c=ky7PwYzRuV3mV9f+YS9tMOAIGF96WAb4MbH+biaiuz0h8Nt+pgjscUEwegK63fH9s99bexEBNXyeTkwm7Gfe5m45JVgYgM/wBurJhLQcgnyHyqZkiXBN3r91qJQpW4nMuB360JvN18RPZv0Yo6cBNe3T4rlLzafcstV0P7PoHTUCxxgSxH30WACIPIxKWWQkTVHfCFiyKWNbmWUiWgnY6IczSC44TMTOr6pgu65lnPnNNiRwL/PeweHK4at8U8gxzTdOKQbQkBb8mjx1i6XocU7CsQtJrAU7I9WOPByxpAvOfHRI4a84NCrPCYeaTa2IFuLVYZkHVgcyBlLmJHtvRw==

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211182}]
Shopp_Upe_1.8 - C:\Program Files (x86)\Shopp_Upe_1.8\Shopp_Upe_1.8-bho64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}]
SaleeSMaigneet - C:\ProgramData\SaleeSMaigneet\DK7EkINJXpTIZs.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{329da942-ae15-46d2-b983-1491bd88112c}]
FinEDDealSoft - C:\ProgramData\FinEDDealSoft\qidC37ULxpZ3wf.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d72c64bb-d587-473b-affe-0f27582eb844}]
dealPeak - C:\ProgramData\dealPeak\DaH1U0Ja40IbUs.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}]
RoiyyalShoppearAAppi - C:\ProgramData\RoiyyalShoppearAAppi\LDLoYZHzBhABo3.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211182}]
Shopp_Upe_1.8 - C:\Program Files (x86)\Shopp_Upe_1.8\Shopp_Upe_1.8-bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}]
SaleeSMaigneet - C:\ProgramData\SaleeSMaigneet\DK7EkINJXpTIZs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{329da942-ae15-46d2-b983-1491bd88112c}]
FinEDDealSoft - C:\ProgramData\FinEDDealSoft\qidC37ULxpZ3wf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d72c64bb-d587-473b-affe-0f27582eb844}]
dealPeak - C:\ProgramData\dealPeak\DaH1U0Ja40IbUs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}]
RoiyyalShoppearAAppi - C:\ProgramData\RoiyyalShoppearAAppi\LDLoYZHzBhABo3.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-01-13 7510896]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-11-27 466144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-03-06 292848]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-03 364544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-05 09:10:51 ----D---- C:\Program Files\trend micro
2015-04-05 09:10:50 ----D---- C:\rsit
2015-04-04 23:18:37 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 20:08:56 ----D---- C:\ProgramData\Malwarebytes
2015-04-02 18:57:39 ----D---- C:\Program Files (x86)\mr fun
2015-03-29 19:43:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-25 19:30:34 ----A---- C:\Windows\system32\invagent.dll
2015-03-25 19:30:34 ----A---- C:\Windows\system32\generaltel.dll
2015-03-25 19:30:34 ----A---- C:\Windows\system32\appraiser.dll
2015-03-25 19:30:34 ----A---- C:\Windows\system32\aeinv.dll
2015-03-25 19:30:34 ----A---- C:\Windows\system32\acmigration.dll
2015-03-25 19:30:33 ----A---- C:\Windows\system32\devinv.dll
2015-03-25 19:30:33 ----A---- C:\Windows\system32\aepic.dll
2015-03-25 19:30:33 ----A---- C:\Windows\system32\aepdu.dll
2015-03-16 01:01:59 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-16 01:01:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-16 01:01:59 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-16 01:01:59 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-16 01:01:59 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-16 01:01:58 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-16 01:01:54 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-16 01:01:54 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-16 01:01:54 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-16 01:01:54 ----A---- C:\Windows\system32\iernonce.dll
2015-03-16 01:01:54 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-16 01:01:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-16 01:01:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-16 01:01:53 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-16 01:01:53 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 01:01:50 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-16 01:01:50 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-16 01:01:50 ----A---- C:\Windows\system32\urlmon.dll
2015-03-16 01:01:50 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-16 01:01:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-16 01:01:49 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-16 01:01:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-16 01:01:49 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 01:01:48 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-16 01:01:48 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-16 01:01:48 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 01:01:48 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-16 01:01:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-16 01:01:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-16 01:01:47 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-16 01:01:46 ----A---- C:\Windows\system32\iesetup.dll
2015-03-16 01:01:46 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-16 01:01:44 ----A---- C:\Windows\system32\iertutil.dll
2015-03-16 01:01:43 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-16 01:01:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-16 01:01:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-16 01:01:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-16 01:01:42 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-16 01:01:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-16 01:01:41 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-16 01:01:40 ----A---- C:\Windows\system32\ieui.dll
2015-03-16 01:01:40 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-16 01:01:39 ----A---- C:\Windows\system32\ieframe.dll
2015-03-16 01:01:38 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-16 01:01:37 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-16 01:01:37 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-16 01:01:36 ----A---- C:\Windows\system32\vbscript.dll
2015-03-16 01:01:36 ----A---- C:\Windows\system32\jscript9.dll
2015-03-16 01:01:35 ----A---- C:\Windows\system32\wininet.dll
2015-03-16 01:01:34 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-16 01:01:33 ----A---- C:\Windows\system32\msrating.dll
2015-03-16 01:01:32 ----A---- C:\Windows\system32\mshtml.dll
2015-03-11 00:13:59 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 00:13:58 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 00:13:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:13:54 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 00:13:54 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 00:13:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 00:13:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 00:13:52 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 00:13:51 ----A---- C:\Windows\system32\mf.dll
2015-03-11 00:13:50 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 00:13:48 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 00:13:47 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 00:13:47 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 00:13:45 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 00:13:45 ----A---- C:\Windows\system32\winload.exe
2015-03-11 00:13:45 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 00:13:44 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 00:13:44 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 00:13:44 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 00:13:44 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 00:13:43 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 00:13:43 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 00:13:43 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 00:13:43 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 00:13:43 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 00:13:43 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 00:13:42 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 00:13:42 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 00:13:42 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 00:13:41 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 00:13:41 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 00:13:40 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 00:13:39 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 00:13:39 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 00:13:39 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 00:13:38 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 00:13:38 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 00:13:38 ----A---- C:\Windows\system32\evr.dll
2015-03-11 00:13:37 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 00:13:37 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 00:13:37 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 00:13:36 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 00:13:36 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 00:13:35 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 00:13:35 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 00:13:32 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 00:13:32 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 00:13:32 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 00:13:31 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 00:13:31 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 00:13:30 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 00:13:30 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 00:13:29 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 00:13:29 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 00:13:29 ----A---- C:\Windows\system32\smss.exe
2015-03-11 00:13:29 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 00:13:29 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 00:13:28 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 00:13:28 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 00:13:28 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 00:13:28 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 00:13:28 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 00:13:28 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 00:13:28 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 00:13:27 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 00:13:27 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 00:13:27 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 00:13:27 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 00:13:27 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 00:13:27 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 00:13:27 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 00:13:27 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 00:13:27 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 00:13:26 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 00:13:26 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 00:13:24 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 00:13:24 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 00:13:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 00:13:24 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 00:13:24 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 00:13:24 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 00:13:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 00:13:23 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 00:13:23 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 00:13:21 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 00:13:21 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 00:11:53 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 00:11:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 00:11:50 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 00:11:50 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 00:11:46 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 00:11:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 00:11:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 00:11:46 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 00:11:45 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 00:11:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 00:11:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 00:11:45 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 00:11:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 00:11:45 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 00:11:45 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 00:11:45 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 00:11:44 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 00:11:44 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 00:11:44 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 00:11:44 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 00:11:44 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 00:11:44 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 00:11:44 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 00:11:44 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 00:11:44 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 00:11:44 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 00:11:43 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 00:11:43 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 00:11:43 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 00:11:43 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 00:11:43 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 00:11:43 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 00:11:43 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 00:11:43 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 00:11:42 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 00:11:42 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 00:07:47 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 00:07:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 00:07:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 00:07:46 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 00:07:46 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 00:07:46 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 00:07:46 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 00:07:45 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 00:07:45 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 00:07:45 ----A---- C:\Windows\system32\fontsub.dll
2015-03-10 23:52:58 ----A---- C:\Windows\system32\msctf.dll
2015-03-10 23:52:57 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-10 23:52:56 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-10 23:52:55 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-10 23:52:51 ----A---- C:\Windows\system32\win32k.sys
2015-03-10 23:48:37 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-10 23:48:36 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll

======List of files/folders modified in the last 1 month======

2015-04-05 09:10:55 ----D---- C:\Windows\Temp
2015-04-05 09:10:51 ----RD---- C:\Program Files
2015-04-05 09:10:28 ----D---- C:\Windows\System32
2015-04-05 09:10:28 ----D---- C:\Windows\inf
2015-04-05 09:10:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-05 09:07:29 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-04-05 09:05:30 ----D---- C:\Windows\system32\config
2015-04-05 09:04:28 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2015-04-05 09:04:24 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2015-04-04 23:18:37 ----RD---- C:\Program Files (x86)
2015-04-04 23:09:51 ----D---- C:\Windows\system32\drivers
2015-04-04 23:05:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-04 22:58:38 ----SHD---- C:\System Volume Information
2015-04-04 22:56:46 ----D---- C:\Program Files (x86)\Sanatorium Green Hills
2015-04-04 22:55:01 ----D---- C:\Program Files (x86)\Alawarhry.cz
2015-04-04 22:41:57 ----D---- C:\Windows\Migration
2015-04-04 22:41:53 ----HD---- C:\ProgramData
2015-04-04 22:41:53 ----D---- C:\Program Files (x86)\globalUpdate
2015-04-04 22:41:52 ----D---- C:\Program Files (x86)\Bechiro S.L
2015-04-04 22:41:47 ----D---- C:\Windows\Tasks
2015-04-04 22:41:47 ----D---- C:\Windows\system32\Tasks
2015-04-04 21:01:18 ----A---- C:\Windows\SYSWOW64\REMOTEDEVICE.INI
2015-04-04 20:05:21 ----D---- C:\Users\User\AppData\Roaming\Skype
2015-04-04 19:52:45 ----D---- C:\Windows
2015-04-04 19:48:08 ----D---- C:\Windows\Downloaded Program Files
2015-04-03 00:58:19 ----D---- C:\Windows\SysWOW64
2015-03-27 08:50:02 ----D---- C:\Windows\winsxs
2015-03-27 08:47:09 ----SD---- C:\Windows\system32\CompatTel
2015-03-27 08:47:09 ----D---- C:\Windows\system32\wbem
2015-03-27 08:47:09 ----D---- C:\Windows\system32\appraiser
2015-03-27 08:47:09 ----D---- C:\Windows\AppPatch
2015-03-25 19:22:55 ----D---- C:\Windows\system32\catroot2
2015-03-16 04:18:07 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-16 04:18:07 ----D---- C:\Windows\system32\en-US
2015-03-16 04:18:07 ----D---- C:\Program Files\Internet Explorer
2015-03-16 04:18:07 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-16 01:33:51 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-16 01:33:51 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-16 01:33:51 ----D---- C:\Program Files\Windows Media Player
2015-03-16 01:33:51 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-16 01:33:50 ----D---- C:\Windows\system32\Dism
2015-03-16 01:33:50 ----D---- C:\Windows\system32\cs-CZ
2015-03-16 01:33:50 ----D---- C:\Windows\system32\Boot
2015-03-16 01:18:26 ----SHD---- C:\Windows\Installer
2015-03-16 01:18:24 ----SHD---- C:\Config.Msi
2015-03-16 01:18:24 ----D---- C:\ProgramData\Microsoft Help
2015-03-16 01:05:46 ----D---- C:\Windows\system32\MRT
2015-03-16 01:00:37 ----A---- C:\Windows\system32\MRT.exe
2015-03-06 19:10:40 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 19:02:34 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-11-08 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-11-08 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-03-06 20464]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-08-14 4786544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-01-14 3837144]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-03-06 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-03-06 791024]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-12-09 100312]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2011-09-21 258664]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-09-05 695904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\drivers\usbfilter.sys [2011-12-13 56448]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2012-01-04 103552]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2012-01-04 220288]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 iaStor;iaStor; C:\Windows\system32\drivers\iaStor.sys [2012-02-02 568600]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-07-27 180224]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-03 1602560]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-08 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2014-08-14 324424]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-01-08 290520]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-03 138752]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 038428a9;TrustMix; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-08-14 276808]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-02-20 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-03 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-13 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

rada85 · #2 Příspěvek od **rada85** » 05 dub 2015 08:40

Ještě bylo projeto přes malwarebytes našel cca 150 hrozeb, odstraněno, ale žádná změna.
Otevírají se nová okna nebo reklamy kde je v rohu Ads by name a Ad option.

Díky

#3 Příspěvek od **vyosek** » 05 dub 2015 08:57

Zdravim

Log z MBAM by byl

rada85 · #4 Příspěvek od **rada85** » 05 dub 2015 09:11

Taky Vás zdravím, tady je log

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/04/04 20:10:24 +0200</date>
<logfile>mbam-log-2015-04-04 (20-10-14).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.4.1018</version>
<malware-database>v2015.04.04.05</malware-database>
<rootkit-database>v2015.03.31.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>User</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>342328</objects>
<time>2940</time>
<processes>0</processes>
<modules>0</modules>
<keys>68</keys>
<values>5</values>
<datas>2</datas>
<folders>21</folders>
<files>53</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0CFBE80D-5608-4309-A0F5-3B1414833432}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbardskBnd.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbardskBnd</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbardskBnd</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\Bechiro.smartbardskBnd</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbardskBnd.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\Bechiro.smartbardskBnd.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0CFBE80D-5608-4309-A0F5-3B1414833432}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0CFBE80D-5608-4309-A0F5-3B1414833432}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0CFBE80D-5608-4309-A0F5-3B1414833432}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbarHlpr.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbarHlpr</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbarHlpr</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\Bechiro.smartbarHlpr</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbarHlpr.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\Bechiro.smartbarHlpr.1</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}</path><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><hash>2273fa6e5f2b5bdbaec66b010df60ef2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbarappCore</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>3263fd6b464452e491e054a7ea194eb2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Bechiro.smartbarappCore.1</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>dbbaf672b2d8cb6b8be68c6ff60d40c0</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\esrv.smartbarESrvc</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>cfc693d5b9d162d42052d328f50e9f61</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\esrv.smartbarESrvc.1</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>4a4b4c1c008af343cca61ae1b251e61a</hash></key>
<key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\23586</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>365f7debabdf2313d7752fcc7d86817f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Shopp_Upe_1.8</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>ff96224661291422c4df973dad568e72</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\BECHIRO S.L.\smartbar</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>aaebdf89dcae22144a256e8dcc3737c9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbarappCore</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>494c4127a0ea77bf026f9566ef14b64a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Bechiro.smartbarappCore.1</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>237202663b4f171f175a45b647bcf30d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.smartbarESrvc</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>4e47dd8b5931e551d0a201face358d73</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.smartbarESrvc.1</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>d0c5beaa51399d99aac8a45740c30ff1</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>5540a5c38307f046434129b9e81bd729</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\flcjcajklmlbpmgckpcmnampagbhhmcp</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>ace9a1c719717eb898ab1329df2614ec</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\23586</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>286dc5a3e3a79f97b4982fcceb181ce4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\smartbar</path><vendor>Adware.SmartBar</vendor><action>success</action><hash>534264044644a5917c900890828228d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>02935e0a5a3032041cd78cb23fc646ba</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2075e97f6e1c40f6589c2c12669f6e92</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Shopp_Upe_1.8</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>d3c26bfd23677cba366b2aaa28db53ad</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3f56a9bf1575ce6846c8112024e1837d</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\APPDATALOW\SOFTWARE\Shopp_Upe_1.8</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>801551175c2efa3c3968c113bb48659b</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\BECHIRO S.L.\smartbar</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>6e276afe2d5d44f291df02f913f0748c</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY</path><vendor>PUP.Optional.GlobalUpdate.C</vendor><action>success</action><hash>c0d55216b5d57eb8973d169f778c6997</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\23586</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>a6ef630506842412b9a13f985aa96a96</hash></key>
<key><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Winportal</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ade8afb97614ad89894801f851b26a96</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1</path><vendor>PUP.Optional.GetTheDiscount.A</vendor><action>success</action><hash>6e27ee7a6e1ce94d43f659483ec5d22e</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{0CFBE80D-5608-4309-A0F5-3B1414833432}</valuename><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><valuedata>SmartBar Toolbar</valuedata><hash>eda8f771b0da54e2e78c90dc1de6ff01</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{0CFBE80D-5608-4309-A0F5-3B1414833432}</path><valuename></valuename><vendor>PUP.Optional.Smartbar.A</vendor><action>success</action><valuedata></valuedata><hash>0194b0b88901b77fa3d0f17b23e0cf31</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>5540a5c38307f046434129b9e81bd729</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV</path><valuename>AuCheckPeriodMs</valuename><vendor>PUP.Optional.GlobalUpdate.C</vendor><action>success</action><valuedata>21600000</valuedata><hash>72232048b7d344f2ba81516411f27c84</hash></value>
<value><path>HKU\S-1-5-21-2897123802-2947230696-785428262-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY</path><valuename>source</valuename><vendor>PUP.Optional.GlobalUpdate.C</vendor><action>success</action><valuedata>direct</valuedata><hash>c0d55216b5d57eb8973d169f778c6997</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.GboxApp.A</vendor><action>replaced</action><valuedata>http://search.gboxapp.com/?aff=p</value ... ash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.GboxApp.A</vendor><action>replaced</action><valuedata>http://search.gboxapp.com/?aff=p</value ... ash></data>
<folder><path>C:\Users\User\AppData\Local\Temp\mt_ffx\Bechiro S.L</path><vendor>PUP.Optional.ToolBarbInstaller.A</vendor><action>success</action><hash>f5a00167e0aa5fd774473d4944bf9e62</hash></folder>
<folder><path>C:\Users\User\AppData\Local\Temp\mt_ffx\Bechiro S.L\smartbar</path><vendor>PUP.Optional.ToolBarbInstaller.A</vendor><action>success</action><hash>f5a00167e0aa5fd774473d4944bf9e62</hash></folder>
<folder><path>C:\Users\User\AppData\Local\Temp\mt_ffx\Bechiro S.L\smartbar\1.8.8.12</path><vendor>PUP.Optional.ToolBarbInstaller.A</vendor><action>success</action><hash>f5a00167e0aa5fd774473d4944bf9e62</hash></folder>
<folder><path>C:\Program Files (x86)\Bechiro S.L\smartbar</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>d6bfcc9cabdf05317c42b8cef60dc040</hash></folder>
<folder><path>C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>d6bfcc9cabdf05317c42b8cef60dc040</hash></folder>
<folder><path>C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\bh</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>d6bfcc9cabdf05317c42b8cef60dc040</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download\{B6EA0772-A24A-422A-86F5-F73A6BB2886E}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download\{B6EA0772-A24A-422A-86F5-F73A6BB2886E}\1.3.25.27</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline\{FCB58386-ECDD-4C40-AE7D-19566BC914E6}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></folder>
<folder><path>C:\Users\User\AppData\Local\Temp\comh.227200</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></folder>
<folder><path>C:\ProgramData\DealsFactor</path><vendor>PUP.Optional.DealsFactor.A</vendor><action>success</action><hash>6134a2c67119a294202e7f1e7093ce32</hash></folder>
<folder><path>C:\Program Files (x86)\Shopp_Upe_1.8</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>5d386701bfcb70c61cd50799cd36916f</hash></folder>
<folder><path>C:\ProgramData\GetTheDiscount</path><vendor>PUP.Optional.GetTheDiscount.A</vendor><action>success</action><hash>6e27ee7a6e1ce94d43f659483ec5d22e</hash></folder>
<folder><path>C:\ProgramData\CoupScanner</path><vendor>PUP.Optional.CoupScanner.A</vendor><action>success</action><hash>03923335a2e8d462c62b5e43ee15ae52</hash></folder>
<folder><path>C:\ProgramData\savernet</path><vendor>PUP.Optional.SaverNet.A</vendor><action>success</action><hash>2d68d197ff8be94dcf92a104c043a35d</hash></folder>
<folder><path>C:\ProgramData\dealPeak</path><vendor>PUP.Optional.DealPeak.A</vendor><action>success</action><hash>5a3b92d60783e84e474c4c631de61be5</hash></folder>
<file><path>C:\Users\User\AppData\Roaming\zvjarNrd1S4wtm5U3ky8nFa.exe</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c3d273f52d5d51e5ab6c3720847cef11</hash></file>
<file><path>C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>5a3be4840c7efb3b3224cc75d52d02fe</hash></file>
<file><path>C:\Windows\System32\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-1</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>019465035634f4425d225989fe05a759</hash></file>
<file><path>C:\Windows\System32\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-11</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>5d38fb6dbcce1f177d02cf13ca392cd4</hash></file>
<file><path>C:\Windows\System32\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-4</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>f89d43254446d5617708578bc3402fd1</hash></file>
<file><path>C:\Windows\System32\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-5</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>83125a0ed2b8e35394eb5b8736cd28d8</hash></file>
<file><path>C:\Windows\System32\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-5_user</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>1e77491f94f69d993748d30fa65d6a96</hash></file>
<file><path>C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\searchplugins\smartbar.xml</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>aee722467119d066e28ca556f70c08f8</hash></file>
<file><path>C:\Windows\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-1.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>b2e3d19747432214d60fe7558c79966a</hash></file>
<file><path>C:\Windows\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-11.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>8a0b3e2a2c5ecd69edf8ef4d61a46f91</hash></file>
<file><path>C:\Windows\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-4.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>41541e4acebc50e6ebfa49f327dea25e</hash></file>
<file><path>C:\Windows\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-5.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>a9eca5c3d5b5360012d338045aab21df</hash></file>
<file><path>C:\Windows\Tasks\7c68aaf5-ee9a-4cda-b69e-d7cc9ad3e8c1-5_user.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>7322a7c1cbbf2f0724c171cbfe078c74</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>5a3bf96f0d7d91a53db728146f96b14f</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>eea76cfc84063ef8678e6dcfd431e020</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>593c4622385267cf41b5063644c10ff1</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>dbba8fd90b7fe452d027a498cd385fa1</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\mt_ffx\Bechiro S.L\smartbar\1.8.8.12\smartbar.xpi</path><vendor>PUP.Optional.ToolBarbInstaller.A</vendor><action>success</action><hash>f5a00167e0aa5fd774473d4944bf9e62</hash></file>
<file><path>C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\smartbar.crx</path><vendor>PUP.Optional.SmartBar.A</vendor><action>success</action><hash>d6bfcc9cabdf05317c42b8cef60dc040</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\Download\{B6EA0772-A24A-422A-86F5-F73A6BB2886E}\1.3.25.27\setup.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>a3f2dd8b45458bab9143d5c1b54e2bd5</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\Users\User\AppData\Local\Temp\comh.227200\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>068fe088226888ae43aaa4f244bfca36</hash></file>
<file><path>C:\ProgramData\DealsFactor\DealsFactor.exe</path><vendor>PUP.Optional.DealsFactor.A</vendor><action>success</action><hash>6134a2c67119a294202e7f1e7093ce32</hash></file>
<file><path>C:\Program Files (x86)\Shopp_Upe_1.8\1293297481.mxaddon</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>5d386701bfcb70c61cd50799cd36916f</hash></file>
<file><path>C:\Program Files (x86)\Shopp_Upe_1.8\background.html</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>5d386701bfcb70c61cd50799cd36916f</hash></file>
<file><path>C:\Program Files (x86)\Shopp_Upe_1.8\Shopp_Upe_1.8.ico</path><vendor>PUP.Optional.ShopUp.A</vendor><action>success</action><hash>5d386701bfcb70c61cd50799cd36916f</hash></file>
<file><path>C:\ProgramData\GetTheDiscount\GetTheDiscount.exe</path><vendor>PUP.Optional.GetTheDiscount.A</vendor><action>success</action><hash>6e27ee7a6e1ce94d43f659483ec5d22e</hash></file>
<file><path>C:\ProgramData\CoupScanner\uYNlz7oorWubJT.dat</path><vendor>PUP.Optional.CoupScanner.A</vendor><action>success</action><hash>03923335a2e8d462c62b5e43ee15ae52</hash></file>
<file><path>C:\ProgramData\CoupScanner\uYNlz7oorWubJT.tlb</path><vendor>PUP.Optional.CoupScanner.A</vendor><action>success</action><hash>03923335a2e8d462c62b5e43ee15ae52</hash></file>
<file><path>C:\ProgramData\savernet\Myiiw5gywhzgWZ.dat</path><vendor>PUP.Optional.SaverNet.A</vendor><action>success</action><hash>2d68d197ff8be94dcf92a104c043a35d</hash></file>
<file><path>C:\ProgramData\savernet\Myiiw5gywhzgWZ.tlb</path><vendor>PUP.Optional.SaverNet.A</vendor><action>success</action><hash>2d68d197ff8be94dcf92a104c043a35d</hash></file>
<file><path>C:\ProgramData\dealPeak\DaH1U0Ja40IbUs.dat</path><vendor>PUP.Optional.DealPeak.A</vendor><action>success</action><hash>5a3b92d60783e84e474c4c631de61be5</hash></file>
<file><path>C:\ProgramData\dealPeak\DaH1U0Ja40IbUs.tlb</path><vendor>PUP.Optional.DealPeak.A</vendor><action>success</action><hash>5a3b92d60783e84e474c4c631de61be5</hash></file>
<file><path>C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref("extensions.crossrider.bic", "1499ad81e11fc5c2cb97b4c9878dfc01");</baddata><gooddata></gooddata><hash>6f26e88054362115c23c989d09fde917</hash></file>
</items>
</mbam-log>

#5 Příspěvek od **vyosek** » 05 dub 2015 09:15

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

rada85 · #6 Příspěvek od **rada85** » 05 dub 2015 11:51

# AdwCleaner v4.200 - Log vytvooen 05/04/2015 v 10:19:16
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : User - USER-PC
# Spuštino z : C:\Users\User\Desktop\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****

[#] Služba Smazáno : 038428a9

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\f1f62a37158ff8f9
Složka Smazáno : C:\Program Files (x86)\globalUpdate
Složka Smazáno : C:\Users\User\AppData\Local\Temp\mt_ffx
Složka Smazáno : C:\Users\User\AppData\Local\globalUpdate
Složka Smazáno : C:\Users\User\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Složka Smazáno : C:\Users\User\Documents\Optimizer Pro
Soubor Smazáno : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\user.js

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíe Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Klíe Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Smazáno : HKLM\SOFTWARE\Classes\b
Klíe Smazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Smazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Klíe Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Klíe Smazáno : HKLM\SOFTWARE\Classes\P23c4a9ae_1a6d_453f_8565_44680b7f1e17_.P23c4a9ae_1a6d_453f_8565_44680b7f1e17_
Klíe Smazáno : HKLM\SOFTWARE\Classes\P23c4a9ae_1a6d_453f_8565_44680b7f1e17_.P23c4a9ae_1a6d_453f_8565_44680b7f1e17_.9
Klíe Smazáno : HKLM\SOFTWARE\Classes\P329da942_ae15_46d2_b983_1491bd88112c_.P329da942_ae15_46d2_b983_1491bd88112c_
Klíe Smazáno : HKLM\SOFTWARE\Classes\P329da942_ae15_46d2_b983_1491bd88112c_.P329da942_ae15_46d2_b983_1491bd88112c_.9
Klíe Smazáno : HKLM\SOFTWARE\Classes\Pd72c64bb_d587_473b_affe_0f27582eb844_.Pd72c64bb_d587_473b_affe_0f27582eb844_
Klíe Smazáno : HKLM\SOFTWARE\Classes\Pd72c64bb_d587_473b_affe_0f27582eb844_.Pd72c64bb_d587_473b_affe_0f27582eb844_.9
Klíe Smazáno : HKLM\SOFTWARE\Classes\.
Klíe Smazáno : HKLM\SOFTWARE\Classes\..9
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{38428a9}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622212282}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655215582}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666216682}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644214482}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622212282}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655215582}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666216682}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23c4a9ae-1a6d-453f-8565-44680b7f1e17}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{329da942-ae15-46d2-b983-1491bd88112c}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d72c64bb-d587-473b-affe-0f27582eb844}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed2594bd-2ee9-43de-84d6-2a162dd61f1b}
Klíe Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211182}
Klíe Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5B13B5ED-203E-48AB-A258-8CB0A7FF66AD}
Klíe Smazáno : HKCU\Software\GlobalUpdate
Klíe Smazáno : HKCU\Software\InstalledBrowserExtensions
Klíe Smazáno : HKCU\Software\Optimizer Pro
Klíe Smazáno : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klíe Smazáno : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíe Smazáno : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klíe Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíe Smazáno : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Klíe Smazáno : HKLM\SOFTWARE\GlobalUpdate
Klíe Smazáno : HKLM\SOFTWARE\InstalledBrowserExtensions
Klíe Smazáno : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíe Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíe Smazáno : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Klíe Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gboxapp.com

***** [ Prohlížeee ] *****

-\\ Internet Explorer v11.0.9600.17689

Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v37.0.1 (x86 cs)

[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("browser.search.selectedEngine", "Search the web (CT)");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.crossrider.bic", "1499ad81e11fc5c2cb97b4c9878dfc01");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.admin", false);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.aflt", "orgnl");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.appId", "{C5E5951A-4ADD-4402-8A8E-EF97DCB9D8EC}");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.autoRvrt", "false");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.cntry", "CZ");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.dfltLng", "");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.dfltSrch", true);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.dnsErr", true);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.excTlbr", false);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.hdrMd5", "");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.hmpg", true);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.hmpgUrl", "hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.hpOld0", "hxxp://www.seznam.cz/");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.id", "5cf9a5e7000000000000b010418006fa");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.instlDay", "16384");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.instlRef", "");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.kw_url", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.lastVrsnTs", "");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.newTab", true);
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.newTabUrl", "hxxp://search.creativetoolbars.com/?src=nt&id=smartbar&g=");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.prdct", "smartbar");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.prtnrId", "bechiro");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.rvrt", "false");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.sg", "{smplGrp}");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.smplGrp", "mm");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.tlbrId", "smartbar");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.tlbrSrchUrl", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.vrsn", "1.8.8.12");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.vrsnTs", "1.8.8.1218:51:00");
[j4127pcy.default\prefs.js] - Oádek Smazáno : user_pref("extensions.smartbar.vrsni", "1.8.8.12");

*************************

AdwCleaner[R0].txt - [16662 bytu] - [05/04/2015 10:18:29]
AdwCleaner[S0].txt - [16144 bytu] - [05/04/2015 10:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16203 bytu] ##########

Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by User on ne 05.04.2015 at 10:31:56,80.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-05-082636.log 285 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Bechiro S.L deleted successfully
C:\PROGRA~2\whiteappsoft deleted successfully
C:\PROGRA~3\AWEM deleted successfully
C:\Users\User\AppData\Roaming\spidla deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{145FC35C-A5D0-4135-B736-B9C45E1A19C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15CDC38-4245-40DF-B580-27137681986} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FDDF10-BBD1-4035-BC91-A7D3601BEE20} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17D14C5D-31BD-41D7-A8B4-65BA9AF7549} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{184E99D-D846-4CC0-9BAA-2830D1C587} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A6E35B0-CCF7-4841-B1D5-F1CEB1C55250} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B22B9D-263C-4AF8-84D-F3A74C352C71} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B2AF8F9-6EDA-400C-ABD9-9F169C70AE3A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C259EB4-C8C3-4339-AC76-DEA91849448} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F6B1A9C-D1EC-43DF-BC47-CF414B2CF17} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20ECD3D3-41D1-46BB-8973-1F3AD77E5} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21F3293A-9A5D-4372-9744-461E479622F8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2555D9D0-B7FC-4A17-8394-45413A812A0} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2589F55B-205E-441A-B1E-AC4A379E1633} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2850F2BA-B7D-487D-A3D6-18348622656} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{291F01C6-EEFE-4823-82EF-CBB399E8AD} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BD2242-79D8-4E5B-B317-51511CA0458B} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DAB00DB-6619-48B1-B49C-FB854DD6F5} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DEC79B8-2D15-48E3-A752-6371342690BF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E918D4F-103B-48F4-BC2B-A9D9F422B1A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F1B7851-A07B-4D0F-BA59-3B438734CC3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30034296-29CF-4B9C-8D15-A94BC548509A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30FCAFC7-43A0-469A-AE1-F99809E3B3E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3262BA0F-16B1-4FC9-B83F-287855CDD88F} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32FAB43D-A4E7-4D13-9B9A-7BA42E7DB9} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33A3C1A3-DB96-4A72-8D48-5B302BAD4C44} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33DF789B-7484-4CE7-B09A-7D797D6BAFCA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F06264-4477-4833-8464-BA3ADC7BA41E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3509A2CF-7F0A-430E-AEDE-3E412DB5A487} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{356F97A-400-475E-ACE6-94CA9CD2859} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3624788F-CEC3-427A-A6FB-70F69B9E29C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3681DEA3-D902-400B-90EC-FB383675087} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3944E2FD-7027-499B-8F87-926DA7F294AB} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AE0DD0A-19-484B-9C87-3B8E0C97493} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BDC62AD-DA1-447E-BA0-D7C64879C57D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C51F442-44EE-4207-86BD-4348215916C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB0D33A-2DF7-448C-A0C8-C0E56976DEAA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB8A4E6-D84C-444F-9C15-F64530C5C88A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E16B51A-BB20-4031-B04B-849642B7C8F3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40BDB82B-2547-430E-8962-4DF5AAB0A5BC} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41DFF92A-122B-4E35-A7D4-BC43E68382A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42A4D3A6-996D-426F-A84D-24BF8819C7C3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42EDB91C-4124-48A5-82F0-26BD47DCF67} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{470A2022-DBE3-48CE-8582-2358C95A579} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4871EE2F-C864-489B-BBFF-793DD229B010} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49611579-DCAA-4428-87E1-F1EF41834E9} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AEF42E9-E166-487E-BAB9-9FF52A7545E7} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4BBE7FED-1F3B-4BFF-AB2D-92ECC24FB0CF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5254ACF4-4351-4A39-82C9-A71B1EB3975E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{532E52DB-A87F-470C-A97F-2EFE4EDD3D55} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562B26C6-B2B2-45FC-9F3D-EF77BD768914} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56C5A3BF-606E-4B22-8FA0-3AD2A5643E4} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{575076EE-C419-4CB7-9F84-E98CE8B098B3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5767AD87-671E-4D90-8EDD-4E983F69B13} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A1D763A-7774-4006-AAE7-B3C1571DD2D3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F09AFFB-4FA3-431B-9DE-73B57E861FC4} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F120222-FBA6-4920-9DA1-3077D5C6A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60FFC48D-AB13-471F-A7AB-F3819BAA38B6} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61628FE-4A56-4C3F-AC22-1DA195363977} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6511D2ED-7D74-46DC-8D93-0DAC88D910} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65C89721-CAEA-432F-ABC4-50C4E682C57C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66AC2327-8DF8-4C8A-80D5-DBB380F6F31D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E1226F2-837C-44A9-9F12-47E824469DFE} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FB7FCD3-39CC-4B61-99AB-F231DBDC72} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FBDE810-FC2F-4F9A-A87C-A0D8DA754AF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{714BCCF1-98D5-4C86-9AE-82C854B65D21} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72426D03-1913-4221-AC14-DBF77C762C86} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73387950-210A-4593-974B-6B680C6180} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7342C2D5-2FD8-4625-A55C-693649EB547D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7448DCF1-A498-4CF5-B872-ABF858754B95} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74F32DD-2FF7-4305-83BE-E165D9E337EF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{768177FC-4FB8-44F1-926C-7CA7BA8AA5D2} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76B5CDEB-106F-405F-B010-C6A13EAC5947} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77E81498-2E-4DA4-90F2-BCC664D6CCE} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78DDA4AA-9038-49FE-9CFB-CACF4B15587B} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79375417-24B0-4BF0-B76-81ABC1F5367A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A1180D5-F004-44B5-A6F1-78C895385A5E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C6E3857-C7D1-4391-BD5C-1B7EFBF0265C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D485E58-479-4BB7-8E49-E6D44CB92432} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{810EF422-6A65-4D81-86A7-EF886398B268} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8331CF8B-ECC4-40AD-9A8A-C2E6F2428E5B} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84661E37-F375-4A51-A81E-B444274F14} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84B5DC4E-166C-4FA9-944D-7E67976027AA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878FB3DF-BDB8-4D05-BFF0-74386011D0DF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B8A9C64-5827-471E-9A46-C835B16D127} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E134DEA-5B84-4C6D-A963-C1891CC15F90} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91717A8A-B157-4B18-985B-855D14DDBECA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91B74C24-2E24-447F-B055-4515B96E776B} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{931477BB-8838-448C-A9CB-A8515DC0E08C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9477D053-3470-4C1B-A638-381A66A9327E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9847776C-2999-4092-B52E-9515AEDC1C3E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98DB0F2-4E11-453A-A386-7642514C7659} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{998EAF77-46ED-4C61-9548-6E9F117D90E8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99A2541-700D-46DC-90F0-4A5774C66E84} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C700F98-E2CD-47A9-875C-43F95D9A413E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E0F0E01-E9C4-4DF8-9119-4A6F9631E858} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E53463D-52AE-4831-94CE-69288F11BCF8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EB3C3AC-3644-48F7-8E9F-51903A2E147E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EE591D6-836-42AA-B787-CC7E2572FCC} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0650DC1-7697-4ED9-A6B8-35A79761D612} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A19B4A7D-836F-4055-9DDD-EF1710FB1CEF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4EE3410-C11A-4907-9374-23149085A767} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A808CC40-ECCB-4423-B262-EEE4C3325DD4} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A93AD2D2-534E-4A51-88C7-F2C06B8C41F9} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA00696C-4E13-4CD7-9C7-D0BB9D69D3F} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aaf9b46d-cff4-4920-b591-f684dba25144} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABE0D650-AB48-4E9D-8B4F-F8BB48AFB8EE} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD42C28-DB-4130-B058-69C372BAEA87} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADF84D20-821C-46A0-8593-F5C3BE8B2787} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B01DF9BB-EA9D-4298-A333-90911135C28B} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0263B52-505A-4869-A782-C832AB19894} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0656106-26EE-414D-8DBA-60FD2991EB5} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B168E6E7-1C6B-48F1-8712-BF4DD47F6C2C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1E38DD7-540B-4CE1-9DDC-7C86F1E3644D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B467CB28-FE7C-4A9F-ACBC-D0AFFF22F46} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B632C70-4925-49C9-AB8F-B60E9525C83} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6F5DE95-D2E9-4107-9731-818A767983E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B90350EA-2420-4CBC-9E7C-D8741A95EE3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B95D1CC1-9AA1-4C50-8271-A9E1F34A7B4D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAAEF4A3-2F4-403F-941E-E3CBFA76AACB} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD641431-3E1C-46BB-94A6-745FEAEEBB37} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE66124C-123B-452F-9E0-C21120ACEBDD} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C07CE9F6-12BA-4853-A1A9-A127C7281F46} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1792F8B-A78B-47EE-B1C0-1F5549F0C62A} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C194F8FE-F2F2-463A-8998-A4E390403B48} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C48CAD24-882B-4B3C-AE15-E973EF028F3} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C643402B-F14B-4206-9660-4769FC6FE55} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9550CAF-5948-4B7C-BDEF-19EDEE3067EC} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBDC6256-C6F6-4C24-9437-579DBAF03D14} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCA4C89F-ABB6-4E6C-8D57-A9F25D73340} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCA79D74-CDBF-4678-9A9E-48C2A3EE27D6} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D16CF27F-DEB5-47C9-922F-E7F9B76520A4} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2217470-62EF-455A-97EE-F0A42EA8AFB2} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7EE0311-B34D-4162-B0ED-FEDE1D9787F8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da09580d-0c1b-4daa-8d4a-4739e51fc670} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA0EA02F-4EAF-4F27-A46A-9ACA9069A387} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB987C0B-6246-4FAE-A1D8-E8D5ADB7610} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBDA1C16-D440-4723-9832-B8ECEB96E17F} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04D0F2F-C33E-4C30-A1A1-A7F45EB080F7} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E21FFC9D-68CA-4214-B147-A1AC211DC323} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3182B49-7ED0-454B-BD84-3DEB997C3D99} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E423DB6D-D6A9-44AC-A5EA-227E5742E9} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4ABB09-BC8C-4571-967E-5B507B7A6240} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4E57926-C3C6-4146-B32F-E83FF9B14D0} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5B6695F-6711-485C-83FB-61E14918AC8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7271023-983F-4008-AD6B-8728388CB8CF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E73D44A8-7BA3-4B6C-901-69861B81C81E} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7483AA9-9159-4366-BCEB-1CC5FC087CA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8C11094-AF58-431D-816D-ED64B5924BC} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E5225E-D65D-495C-A03D-784A31877888} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB111568-2521-42C7-ADCE-5C3192A09971} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC5FDA3B-B637-4CB8-B55-56AFAE80EF4F} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED346756-66AB-4166-918E-3A2DA27FDF82} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE13B933-6206-4C7A-9A36-67A0E5355875} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE98DD74-E815-4665-91DE-D0509EF51A61} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0AC900C-9870-4491-BDFF-EA27738987DA} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F15AD0A1-2384-4ADA-BBFB-A51EAF831D82} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F23CAC1D-4058-49A1-A9AA-93D3FDD841A2} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2B4700B-1262-442A-A4A5-B95A5E31D176} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2E93D5A-A083-4AE2-91F9-A9BC3EDDDEF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F427A4F5-105F-41C4-AFEE-2AA95AEC97DF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6738B82-FEBF-473A-9F26-506250E1150} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6EAAC44-9738-492D-AE4F-32DBB195332} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7399921-483C-4C42-80A3-E4EC412FB6C} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7A1B9CB-5E8-403D-AC6E-BDA9AEFD67D1} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8933A16-DB2A-4993-9863-95198C80F0A8} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9399C2C-6AA8-49CE-9E44-A2AA112851DF} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9CE3CD9-BA70-41BD-95B1-896C3E7AA0} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB1E4614-D103-4BD9-8B19-169D787458D} deleted successfully
HKEY_USERS\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDBF3661-3607-46DA-A959-ACFF9DC2C173} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aaf9b46d-cff4-4920-b591-f684dba25144} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da09580d-0c1b-4daa-8d4a-4739e51fc670} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");

Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default

user.js not found
---- Lines extensions.3ovPRVRuYBn1tPJB removed from prefs.js ----
user_pref("extensions.3ovPRVRuYBn1tPJB.epoch", "1422829586");
user_pref("extensions.3ovPRVRuYBn1tPJB.url", "http://fibervalue.com/sync2/?q=hfZ9ofqR ... 4tMFHhd9Fq
---- Lines extensions.E7AFDjmcD8OHteRt removed from prefs.js ----
user_pref("extensions.E7AFDjmcD8OHteRt.epoch", "1422830256");
user_pref("extensions.E7AFDjmcD8OHteRt.url", "http://webdriiver.in/sync2/?q=hfZ9oex9D ... qdwFrHaFqT
---- Lines extensions.MJOrVOD8x2g319XU removed from prefs.js ----
user_pref("extensions.MJOrVOD8x2g319XU.epoch", "1422829596");
user_pref("extensions.MJOrVOD8x2g319XU.url", "http://veterances.com/sync2/?q=hfZ9ojmV ... Uojw8rdwGr
---- Lines extensions.OIyi6Q07yWpVb3f8 removed from prefs.js ----
user_pref("extensions.OIyi6Q07yWpVb3f8.epoch", "1422829722");
user_pref("extensions.OIyi6Q07yWpVb3f8.url", "http://solutionprojob.info/sync2/?q=hfZ ... gMBzqUojw9
---- Lines extensions.vhDws6oDbVZTCvI8 removed from prefs.js ----
user_pref("extensions.vhDws6oDbVZTCvI8.epoch", "1422829643");
user_pref("extensions.vhDws6oDbVZTCvI8.url", "http://transferbox.us/sync2/?q=hfZ9oekG ... FqdwFrjaFp
---- Lines extensions.ybqX6treCFOwQdj4 removed from prefs.js ----
user_pref("extensions.ybqX6treCFOwQdj4.epoch", "1422829595");
user_pref("extensions.ybqX6treCFOwQdj4.url", "http://transferbookmy.info/sync2/?q=hfZ ... hIC7n0rjnF
---- FireFox user.js and prefs.js backups ----

prefs_05.04.2015_1102_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Bechiro S.L not found
C:\PROGRA~2\whiteappsoft not found
C:\PROGRA~3\Špidla Data Processing, s.r.o not found
C:\PROGRA~3\17435169423484778745 deleted
C:\PROGRA~2\Alawarhry.cz deleted
C:\PROGRA~3\LuckuyiCoupon deleted
C:\PROGRA~3\SaleeSMaigneet deleted
C:\PROGRA~3\RoiyyalShoppearAAppi deleted
C:\PROGRA~3\FinEDDealSoft deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Public\Documents\AlawarWrapper deleted
"C:\Users\User\AppData\Roaming\zvjarNrd1S4wtm5U3ky8nFa" deleted
"C:\Windows\tasks\zvjarNrd1S4wtm5U3ky8nFa.job" deleted
"C:\Windows\SysNative\tasks\zvjarNrd1S4wtm5U3ky8nFa" deleted
"C:\PROGRA~3\AlawarWrapper" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTer ... DF&pc=MSSE"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41OC5M2R will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJ9HYQ0D will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBCXH10P will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\j4127pcy.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=417 folders=31 6904637 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41OC5M2R" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJ9HYQ0D" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBCXH10P" not found
"C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB4NQW9W\d2a8a4q9.ssl.hwcdn.net" not found
"C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB4NQW9W\device.maxmind.com" not found
"C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB4NQW9W\fbstatic-a.akamaihd.net" not found

==== EOF on ne 05.04.2015 at 12:48:24,00 ======================

#7 Příspěvek od **vyosek** » 05 dub 2015 11:59

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

rada85 · #8 Příspěvek od **rada85** » 05 dub 2015 12:25

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 05-04-2015 13:22:43
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(FileProperties_CompanyName) C:\Program Files (x86)\mr fun\mr_fun_notification_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364544 2012-09-03] (IVT Corporation)
HKU\S-1-5-21-2897123802-2947230696-785428262-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2897123802-2947230696-785428262-1000\...\MountPoints2: {5f4ada19-5e90-11e4-848b-b010418006fa} - F:\Startme.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2897123802-2947230696-785428262-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2897123802-2947230696-785428262-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2897123802-2947230696-785428262-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-10-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-10-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j4127pcy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1602560 2012-09-03] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-09-03] (IVT Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-08] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [695904 2012-09-05] (Ralink Technology, Corp.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 13:22 - 2015-04-05 13:23 - 00009423 _____ () C:\Users\User\Desktop\FRST.txt
2015-04-05 13:22 - 2015-04-05 13:22 - 00000000 ____D () C:\FRST
2015-04-05 13:21 - 2015-04-05 13:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-04-05 13:21 - 2015-04-05 13:14 - 02095616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-04-05 11:08 - 2015-04-05 10:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-05 10:35 - 2015-04-05 10:26 - 00000285 _____ () C:\zoek-results2015-04-05-082636.log
2015-04-05 10:26 - 2015-04-05 12:48 - 00041324 _____ () C:\zoek-results.log
2015-04-05 10:23 - 2015-04-05 11:03 - 00000000 ____D () C:\zoek_backup
2015-04-05 10:22 - 2015-04-05 10:16 - 01305600 _____ () C:\Users\User\Desktop\zoek.exe
2015-04-05 10:18 - 2015-04-05 10:16 - 02208768 _____ () C:\Users\User\Desktop\adwcleaner_4.200.exe
2015-04-05 10:17 - 2015-04-05 10:19 - 00000000 ____D () C:\AdwCleaner
2015-04-05 10:07 - 2015-04-05 10:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 10:07 - 2015-04-05 10:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-05 10:07 - 2015-04-05 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-05 10:06 - 2015-04-05 10:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-05 10:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-05 10:06 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-05 10:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 10:05 - 2015-04-05 10:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 09:10 - 2015-04-05 09:11 - 00000000 ____D () C:\rsit
2015-04-05 09:10 - 2015-04-05 09:11 - 00000000 ____D () C:\Program Files\trend micro
2015-04-04 23:18 - 2015-04-04 23:18 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 23:18 - 2015-04-04 23:18 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 23:18 - 2015-04-04 23:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 20:08 - 2015-04-04 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-03 00:58 - 2015-04-05 12:48 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-02 18:57 - 2015-04-05 12:57 - 00001288 _____ () C:\Windows\Tasks\mr_fun_notification_service.job
2015-04-02 18:57 - 2015-04-05 12:48 - 00000650 _____ () C:\Windows\Tasks\mr_fun_updating_service.job
2015-04-02 18:57 - 2015-04-04 22:41 - 00000000 ____D () C:\Program Files (x86)\mr fun
2015-04-02 18:57 - 2015-04-02 18:57 - 00004306 _____ () C:\Windows\System32\Tasks\mr_fun_notification_service
2015-04-02 18:57 - 2015-04-02 18:57 - 00003670 _____ () C:\Windows\System32\Tasks\mr_fun_updating_service
2015-03-29 19:43 - 2015-04-04 23:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 19:30 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 19:30 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 19:30 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 19:30 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 19:30 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 19:30 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 19:30 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 19:30 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-16 01:01 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-16 01:01 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-16 01:01 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-16 01:01 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-16 01:01 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-16 01:01 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-16 01:01 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-16 01:01 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-16 01:01 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-16 01:01 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-16 01:01 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-16 01:01 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-16 01:01 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-16 01:01 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-16 01:01 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-16 01:01 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-16 01:01 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-16 01:01 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-16 01:01 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-16 01:01 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-16 01:01 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-16 01:01 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-16 01:01 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-16 01:01 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-16 01:01 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-16 01:01 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-16 01:01 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 01:01 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-16 01:01 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-16 01:01 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-16 01:01 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-16 01:01 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-16 01:01 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-16 01:01 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-16 01:01 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-16 01:01 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-16 01:01 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-16 01:01 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-16 01:01 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-16 01:01 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-16 01:01 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-16 01:01 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-16 01:01 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-16 01:01 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-16 01:01 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-16 01:01 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-16 01:01 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-16 01:01 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-16 01:01 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-16 01:01 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-16 01:01 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-16 01:01 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-16 01:01 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-16 01:01 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-16 01:01 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-16 01:01 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 00:13 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:13 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 00:13 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 00:13 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 00:13 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 00:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 00:13 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 00:13 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 00:13 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 00:13 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 00:13 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 00:13 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 00:13 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 00:13 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 00:13 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 00:13 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 00:13 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 00:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 00:13 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 00:13 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 00:13 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 00:13 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 00:13 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 00:13 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 00:13 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 00:13 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 00:11 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 00:11 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 00:11 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 00:11 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 00:11 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 00:11 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 00:11 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 00:11 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 00:11 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 00:11 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 00:11 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 00:11 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 00:11 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 00:11 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 00:11 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 00:11 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 00:11 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 00:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 00:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 00:07 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 00:07 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 00:07 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 00:07 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 00:07 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 00:07 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 00:07 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 00:07 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 00:07 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 00:07 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 23:52 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 23:52 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 23:52 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 23:52 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 23:52 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 23:48 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 23:48 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 13:23 - 2009-07-14 06:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 13:23 - 2009-07-14 06:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 13:19 - 2011-03-21 02:31 - 00669414 _____ () C:\Windows\system32\perfh005.dat
2015-04-05 13:19 - 2011-03-21 02:31 - 00141540 _____ () C:\Windows\system32\perfc005.dat
2015-04-05 13:19 - 2009-07-14 07:13 - 01585684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 12:54 - 2014-10-13 10:18 - 02081057 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 12:51 - 2012-09-10 14:54 - 00000787 _____ () C:\Windows\SysWOW64\bscs.ini
2015-04-05 12:49 - 2014-10-13 11:08 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-04-05 12:48 - 2014-10-13 11:08 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2015-04-05 12:47 - 2010-11-21 05:47 - 00073036 _____ () C:\Windows\PFRO.log
2015-04-05 12:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 12:47 - 2009-07-14 06:51 - 00042416 _____ () C:\Windows\setupact.log
2015-04-05 11:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-04 23:07 - 2014-10-13 10:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-04-04 23:05 - 2014-10-13 11:00 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-04 23:05 - 2014-10-13 11:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-04 22:56 - 2014-10-28 11:01 - 00000000 ____D () C:\Program Files (x86)\Sanatorium Green Hills
2015-04-04 21:01 - 2015-02-15 15:50 - 00000132 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2015-04-04 20:05 - 2014-10-13 16:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-27 08:47 - 2014-12-15 23:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-27 08:47 - 2014-10-13 16:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-16 04:23 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-16 01:36 - 2009-07-14 06:45 - 00410408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 01:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-16 01:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-16 01:18 - 2014-10-13 11:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 01:05 - 2014-10-13 14:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-16 01:00 - 2014-10-13 14:20 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 19:11 - 2014-10-28 13:28 - 00306470 _____ () C:\Windows\DPINST.LOG
2015-03-06 19:10 - 2014-10-28 13:27 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-03-06 19:10 - 2014-10-28 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-06 19:10 - 2014-10-13 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-05 11:38

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:195.21 GB) (Free:142.2 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:256.59 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:29.06 GB) (Free:25.65 GB) FAT32

Available physical RAM: 2742.23 MB
Total physical RAM: 4032.3 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 397A8933)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows XP) (Size: 29.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\mr_fun_notification_service.job => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='8744cc2e44458d78deb18f3f05c7aa96' /verifier='67d74c9a0900f8f721982bbf1832b051' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\Windows\Tasks\mr_fun_updating_service.job => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=mr_fun_updating_service /funurl=http:/stats.buildomserv.com

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 1647 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#9 Příspěvek od **vyosek** » 05 dub 2015 16:57

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2897123802-2947230696-785428262-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2897123802-2947230696-785428262-1000\...\MountPoints2: {5f4ada19-5e90-11e4-848b-b010418006fa} - F:\Startme.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

2015-04-05 13:22 - 2015-04-05 13:23 - 00009423 _____ () C:\Users\User\Desktop\FRST.txt
2015-04-05 13:21 - 2015-04-05 13:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-04-05 11:08 - 2015-04-05 10:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-05 10:35 - 2015-04-05 10:26 - 00000285 _____ () C:\zoek-results2015-04-05-082636.log
2015-04-05 10:26 - 2015-04-05 12:48 - 00041324 _____ () C:\zoek-results.log
2015-04-05 10:23 - 2015-04-05 11:03 - 00000000 ____D () C:\zoek_backup
2015-04-05 10:22 - 2015-04-05 10:16 - 01305600 _____ () C:\Users\User\Desktop\zoek.exe
2015-04-05 10:18 - 2015-04-05 10:16 - 02208768 _____ () C:\Users\User\Desktop\adwcleaner_4.200.exe
2015-04-05 10:17 - 2015-04-05 10:19 - 00000000 ____D () C:\AdwCleaner
2015-04-05 10:05 - 2015-04-05 10:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.1.4.1018.exe
C:\Program Files (x86)\mr fun

Task: C:\Windows\Tasks\mr_fun_notification_service.job => C:\Program Files (x86)\mr fun\mr_fun_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='mr fun' /appid='73143' /srcid='2913' /bic='8744cc2e44458d78deb18f3f05c7aa96' /verifier='67d74c9a0900f8f721982bbf1832b051' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\Windows\Tasks\mr_fun_updating_service.job => C:\Program Files (x86)\mr fun\mr_fun_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=mr_fun_updating_service /funurl=http:/stats.buildomserv.com

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

VIRY.CZ

Prosím o kontrolu logu, přes firefox vyskakují různé reklamy

Prosím o kontrolu logu, přes firefox vyskakují různé reklamy

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek

Re: Prosím o kontrolu logu, přes firefox vyskakují různé rek