VIRY.CZ

Zdravím,
při spouštění chromu vyskakují reklamy a při klikání na hypertextové odkazy vyskakují nová okna, prosil bych Vás o kontrolu logu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Doan at 2014-10-29 22:33:44
Microsoft Windows 7 Home Premium
System drive C: has 26 GB (11%) free of 232 GB
Total RAM: 4044 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:22, on 29.10.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BrowserAdapter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASHelper.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe
C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe
C:\Program Files\trend micro\Doan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pi ... Z&unqvl=14
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=16553
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: cb53b500f3e90131a6091fb939dcadf40061915 - {11111111-1111-1111-1111-110611191115} - C:\Program Files (x86)\Senses\Senses-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PodoWeb - {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} - C:\Program Files (x86)\PodoWeb\PodoWebbho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mobilegeni daemon] Ä??{
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Doan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Uprubo] C:\Users\Doan\AppData\Local\Temp\Pacya\uprubo.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: DesktopWeatherAlerts.lnk = Doan\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
O4 - Startup: Weather Alerts.lnk = Doan\AppData\Local\WeatherAlerts\WeatherAlerts.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc6.89.573444 - Unknown owner - C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update PodoWeb - Unknown owner - C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe
O23 - Service: Util PodoWeb - Unknown owner - C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18162 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e2d5ce72-5959-45ca-b722-5a6149467a9a -SystemEventPortName:HostProcess-10a95659-39b8-4214-bc2f-51f0005351b2 -IoCancelEventPortName:HostProcess-428fca1f-6fa6-4112-95f4-b0725ec1a6f9 -NonStateChangingEventPortName:HostProcess-cb6408fb-286d-4ac6-a4fa-ce6cd0edeb2a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:617950f8-670e-4fdd-9b24-71d592796bdd -DeviceGroupId:
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 25320480
\??\C:\Windows\system32\conhost.exe "-18427029861942151184-1631153493463004882604791095-1852945078-14385423771902887596
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
taskeng.exe {7698D2E1-554F-4409-8374-3924953FD19C}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe"
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
taskeng.exe {6DE9FD9C-E14D-4324-9F69-492CFB2ECC5E}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Users\Doan\AppData\Local\WeatherAlerts\WeatherAlerts.exe" /restart
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 4348 --blacklist-accelerated-compositing --process-per-tab --enable-direct-write
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1499283714</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="6364.0.1249321826\586570442" /prefetch:673131151
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe"
"C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe"
/c 3ad44358-2eca-444c-bd52-49b227c79e6b /i 47a6db3b-f507-45f7-9e74-4382bca17bf0 /f b37262ea-3375-4dfc-992b-aa8f38548065 /z "n=PodoWeb&is=smdvcz&dpt=20"
/c 3ad44358-2eca-444c-bd52-49b227c79e6b /i 47a6db3b-f507-45f7-9e74-4382bca17bf0 /f b37262ea-3375-4dfc-992b-aa8f38548065 /z "n=PodoWeb&is=smdvcz&dpt=20"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6108.19b1eee0.890366085 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 6108 "\\.\pipe\gecko-crash-server-pipe.6108" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash4652.10A5D8D0.32618 --host-broker-channel=Flash4652.10A5D8D0.12555 --host-pid=4652 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=1212.003AF3F0.1885212035 --proxy-stub-channel=Flash4652.10A5D8D0.32618 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.PurBrowse64.exe" /l false /s false /c "PodoWeb" /t "C:\Program Files (x86)\PodoWeb\bin\TEMP" /i "http://apipodowebnet-a.akamaihd.net/gsr ... 0000000000" /d {d04f5c84-12ff-4486-8e31-240e7ca6e6d3}w64 /p b37262ea-3375-4dfc-992b-aa8f38548065:firefox /p 3ad44358-2eca-444c-bd52-49b227c79e6b:chrome /p 47a6db3b-f507-45f7-9e74-4382bca17bf0:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\PodoWeb\bin\bau" true
\??\C:\Windows\system32\conhost.exe "-1109559278-1883289432214034881717356280861612399485-178718860814968667851881249992
/w 910 /h 100 /cg 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /gc 1 /ff 1 /ie 1 /is smdvcz
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe" /w 910 /h 100 /hw 853224 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe" /w 910 /h 100 /hw 853224 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz /bt 1 /ps \\.\pipe\boa{CFAA5D92-952E-4062-8C08-6E65AFC6CBE4} /bv 33
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe" /w 910 /h 100 /hw 3146894 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe" /w 910 /h 100 /hw 3146894 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz /bt 1 /ps \\.\pipe\boa{8F28F432-26A5-46AB-A71A-9A95B102458F} /bv 33
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASPRT.exe" /w 910 /h 100 /hw 459878 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz
"C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOAS.exe" /w 910 /h 100 /hw 459878 /g 8ac8f7fa-5808-4a4b-b3c0-7980133ddfc0 /is smdvcz /bt 1 /ps \\.\pipe\boa{3B179B90-DC38-45DC-A978-575318569C37} /bv 33
taskeng.exe {CBE64795-1B82-4C1B-BCE6-0091D1C82CC7}
"C:\Users\Doan\Desktop\RSITx64.exe"
taskmgr.exe /3
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey ACFD5DA8-104F-4513-228E-C790319BBAD5 -Reinvoke

======Scheduled tasks folder======

C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-1.job - C:\Program Files (x86)\Senses\Senses-codedownloader.exe /rawdata=cC/1FM2SL3eO0MQpuHljhymBzdpoV92KDuyVfrNjtqslGPdW2ykvFVbOs/CMHjAL0kNONPcWSTRtO82NGTnLKWjFHB3/XnybEG7BGKJF9bMug4iucMixqd2Hm0PxF2699UEbIbl06NFEGEl8h7KKfBSPEwcCH+kqGBAf6PArIxwnLfYw2O5R/B2g/NdYK+llSMiUo+XohABwl0RdLRnp6Wqitr85p8L2zmhinTK9dDw1Sa3QwKmErOSvfzMKEZJDwpFs1jmhrHyBCxQsOquRImOa6YhwF5eVmuBiFG6S77KegF0OQeZX3/XN5FkZptHpXO0SsXxRI14DZmuidxsKXIA0agBXeQ+lYlmSbAjW5qucakZri+4jNBmvcL49x/0ewVGM2txisOZYsJQXm4ZCuaSA2nKxEDdhbKUnRJ39G5vvxjlue1xbN5CA+ahfg6DzU0O1igctZkUXxZlOxfhH0rVEs7oBskVSD4odFwqwmEEM0GBmYF5Vu8nvhxzIMCF3RdYWR3qXLRVJFpomyCI5Qjory+d0pvMcBR5rP9i35lYA0wJ+RF/eEz2KRWfPJ9h0Sck7e2j5JGWmfKbRfQEu1xBnWDO1FmAxO9gtbeG9OejWmrksXy02AWPWox2EPHLZbnElDK0yOh0TAuz65ev2PKhCBU7HBc1ek9E/I/UAK+9LiJ24OczvqbtFBMDOVmJ7/4AHTCtjFWAh/qTNv2knGFi5ByznGTr9INtZIvl89b+gb7JAX4yI7pHoaGn0Afv1G/ihEZDqsLqM8HQiILCqyomAVOxtkaSZUPwshpFgl/OHmfxJgyS/2YtDzXRBCIsZaBWzmk6ulXCI5yZah9c315eAgAZX/wao2S+52nG+8T3pbpim8QXFUbFAJ5g1revoktmows1fLmcWPETAmM3xEwJjs/S6EbiLV6+VDiMfMIHpOLsSg0YOv+ZYWDqcqnlGVPdkRCrccnjX5VwEPgGWRsyj5eUXWMNG8/1+EJXqA0eqXvVYkA9lU7jLwNL/qKfBDSLNbIitzwcm/21pOV+xXT9QiC/gs/bc1QfoIv+a09X0mUt6XjqQUnSai/L7YSPYwRO1krT0mrpHsX8QV4mWJkRL+JPkPJNogOXvV2tDX+AVM0mi+IQeaPXxnz4XnejAIvpU7i1CRrS9YChqH5aCPyb2uXJPbkXb4sxMWHBQQC1vhII2nnB+JVrqtiMQfjOU+ggahMdSywnw710hNzERfjLcGUmokulvE5BOuklRYth6B3wFUJpgi+nZyr5bOF8pEaPC9S5daVLkRJnZtsjcvykFD6E/Lk/YZFXD9PPlOY9xWUGQ0+todnD7hkJMRgVUjz3O1jt07K6zDOboTaQW9DQwafrYhZU8cg7gJ7GayA3A/FSJ+r3pqltGi9e5VGARKCA5xweHOgBjm+xtrI/8CMXJdL6r6m1/7F0CzphlMk4CuQJtXBl2EHbkm8XuWm87H74QbdApI6kT1YXO6Jb0Vv3pzmI7vkZ3ckh+sZE0PCjqF/FsYSLIS4J3ngV2pBjQLXlHKUcNF2HLguTAoXPsPYZPYIz0xA6gbbQ3m6hFp+0rQJbckCUnVCOSeL+wQGZNm72CpP2VKTWGe2oksnjj8KzyGK+UxW7nmsTpp13pHHB2mDZG3ZBm8RZWD3zMyMkICdZ9xIq0rUjOsLmdJxt3Lht1JWSdQ9ybxUQ2Jp8yVMA=
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-11.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-11.exe /rawdata=lzpws4w0e1A3ywc2kiiGpSPgpLN/UNI1nnIlfFnIZSQDStyu1/fHiYJQmQ+11kGPFoZA49AsdZcX1Bm2LPtf0bkATJeT4vzXAmw6dzzOTbVcjQg6HAn8HIfnYZMpSy2MGyNJpAnQHc1G144SvjC5IilYE+4kezvVO8xNBWJ71JVLZlkv6u4ifpt1MGmOhftHO/wLae//VNSFx+rdN9+FKqQ7DtN+7C7ITr/7KsJj4LN9k/5JZSuz/9eXQ1AqYMRC0dOHaa6S5ePVAZNpI0jSl4VKFlDYDplppBjQwvFoZ5HVJd8qKyFeFPdXQrpgwJuw7Y5cZZcQeUH48GDUphO52QprXsuegX/Ni34OHqInCCInfTp945NGGmV/MYvzmnBvBHOmpptbHDj4TmVu51kh+wGe1L5UZ+zM63R7FNhSgKv5hP18n5CaopZFwkjKjb7yWh4wGBdaObN/0TMMwC2MEC6ovrOFNlqlVgCX2kvRUfBrlWCTSc51Y9HUUpjJstF5U+q6X7nGS5H94sYgAF0beM3lBuZQPuIcuHUauD237ykwsXcfxRLtKETk3nmIb27CU5m9JgZ6fcG/w/jYQ/RUAxFen63CM385ynZqh/m8IPhB5fnPSmTZGGs0n3N/vI0MmbEQPLeYgEH0qNIia6IwKcHSIB/Xhz+So11Zf0kLldW8x5Ison49f9nX5JoZbVWTLiGr8b19R+O/XgypvRdZF6GORDT8tmC6YNL96XQ3BrzYGS6izMGBwJLL4vCj+YN5H/xSPsKNLd/IWTDcSp/cj8oAjcRhRs8IIbZy2oQAWO1k29GvERAbY+yU5A7pUx+uNud2hLicotXvcsKXNz6ujZXwWs1T9rc0zKLHOD8OazKfmzia7EC21qdE9n50BDTZIPN0gPEC27vwQRkXvBfkt2SBCNcxR5GKQjS2SOIIzEavoQJQcWS3y2TGlpt6ssF7CnuuxqLrQHg/M3SFMQAvRXlQtrrl/CXehNMyH1VEBs5lH+HU2mHTyxwBNIWQjp1cYIDdCwZg6sM2wneuvxDR8F62p9UCyNoW1UkaQqqUABjHmr0SN46eRV4WYwIke8xDe81MntX4Yf56GnDNzlG7UOQqiciINrUd3UmEGZ8+9PqTXSQBgcyoH4JI2YmHM2HFkNzDQJKQ4aAmMENypKZQeeAF/FgAuhAzrcEOlPT1eMdhimL2G7LMEVsorKRIrGHWCAbNxMc/DyFdO3zjRjxr+5Q28G7+w6ShfDrYwE3oxoU8knNa0y2f0LRFP7srCjdREtaXfLnEqjxUQEMYDxC9ir/YA6JT1PQSMOJ9P+egQWBpq2uQjjSmB8UoiLsHy7DNOQmvfNMTx4w/4WJXTJiMYlhS6tnj8GD+NzmIoPBh0uu1PR21+cSrKOeMVwup2GkPhmp/bxsY3G73xHkd1g0N68HvdOjgb4hN9hl3TrITW7uc5/T3aCMv2xndRvRw3BgFXQy8z1VwEpCFCS2qcgmg2jAFi49cxVpXnaBOcTEr7VVCodoj1a5Xt3zpXbdQBu3uvsdeNMbadQ9vYwQg0KwnAFsIlpIJ8tYPPODulxrmbu0ZdiVK7/J0wiDy1fD9ZhCB03M9IcQZ4vkCC1aFXjddmoNM6AerJ4do0ScYtCrbTO8wzgdwmypxHt0Ganxi6upmr5ewF2zoD4YNNpew75VmRw/8Tl9G56xr+2w7BzmJr+W9df0QaPHky6Tzj+WlNssBzjdSoZ8Ws0XKxvq8biLJ570lAPo8lZRrzjoKXkBH9fSB3lT662s9d+ow+1vfPK3JcsCMAP6kvUfVy7QJ/knTwFuJ56otNJKzmRCy6TWJBNJNwwLwOvwzIcG6nKeEMg2aMiD+blxg56h3JStwO7M+3bGTxP0ezbyoOOXpsTQRKTO9YIPj+q2pWlea9qxgk49y6CaF+81GfmKrUaPusa+ag9vFMVB3inj9VK8O7VFCgaXEVXsBmZEyQxXEii4n1cvEI43AAeU86SKnXqvzjHmp7wVVwsr00s4gFUHz4P0PmLjoZA72hJs5sIUAF4B8Xm3cKqxJjB1H+TRkfijaSYmy+mBCnd/kjlp2Cj5NVdagaCP5LONgUeHYrgTnp12NKgC+6eyAmAuKeDp3iF68zehqiiVCeOmWBLogF4nHN/1VevhYKEMa+Ey5rxGfKxrLgXQyGDEV8n6v78IFu9moxK/U3bkgnCdNIAs2gve0rvfdxVNX5htbkl2eQmlzHEFXn37iPjI0iNWO1UcRTzAoPQJGyfgaGZ8CteXePXbOKIZr9zi9jEg1gY9TqNMREZxk7U/l3iE1rzmx4rnQv7tY3+ehBtZrx+7RrXSAOZR4NmS08GezNdqZCd687DNttAVDlrWRYdLgzEfCbtqiM8fcRG9au2sUBGVT+Bp+h8REeYNidLDDgxJK04vqCqOcVwmBM0MhEjgDmu8ZgG48ta4QW3GmFgC/6LBsDI8qMHEAEhlEfgpPqZAkPyzvRR+iz/bOOySAa5MBk8AuwtX6u+aABHqdcn27H7E9dhJCJbQ39Yjuja0/BcisP05Da+RAyudG3yQZ
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-2.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-2.exe /rawdata=k4nHn1BzFgsVSuguoCVm7EXyI9kb/fEkuqmDneTmeWglHncHcQxpHsMQITQRlQW7IloOsiDuj7qPnkAp7+HUusJTCzQuHquzwjDG05BbHlhEuj9viQb4m3dh/v/bJ+vgS3ct09ZKytz+GrRNqkFsUHv+pbliYhEKvVXSemQ7CMNIdnJCkSMAucnTh38QPxXmHzgAY2hu1EtybId+4GWMMbQQNEZElNaECbiljWP0bHEEQGqpignItOzxPmn61FRVCnXNfWdCVWKQj0/z9nMCQz6jD9xHIWQylXI2HE1GBowsR/oOvSbhcnubOLHlUpHDFiK7lQzk2h+W7Go3b9D4LcZKhmhmIZgs4R7Bgkzwzcp0mmBK/GYxlw6s7rqv72I3TD1Tz9rYyH3JkgUFgamreNvefi/nKVWQRY1j+aPxJGaMX/AzVZcDzKyGMOy6NrdDDY+CeoG9lAdqPDlBebOdZ5hXs5q1sXB1qBttNinUku4izqnvEdhHcVPIjgPMCNDjMYTrJWtcnUS/i4Xk6EcWLic914LRRPc9i9ucFNEj+cBwF7WEodAg+5thu0qwEzni5y9hWI9red8XoAC+/5MVQ3cnMdTa/HNYCURwYkFmB/aa/84hZYAwIe2oOjvkF4lIlavLqPm/E3ntFzTcFFRRJrMN8a2jTh0bgfXJlGaRPbctaAN/kxd0Da4bgNj/QGqE0CRb9Wt/8EkE+hVduBJXOZV23lXk+/YCz6OIvbkJ+sO3mYYjMhMSJ2rKelrDF+g91gsN24zNjQFC++WpHDvTNG8B//jWmgGWr/GZa4GeWGSYfEtHsIzMrsEZsG1kEAZonc/pab/B3/Ox7VoxQeObyUslx4rTXndgTQlSI4rdlNZzZq9GOKbdsAD5eiTKiyM0uoTYqMgj5rIKuIp6jRxQVrLxnr7ggvP4LrZQkSfFHcudS1weSIP7GiIlcnfjG0IBlvqDAXni0IWqv7aQGyG3tuzMQweTYUxqvPzrokxGRaJiQ0pyw8gC+TXpqpVLzkxG
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-3.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-3.exe /rawdata=eGqW4O3tPdt0dm7wLZAyiSpgMyE9EbRuXWlXvRLFE7KAPYOdKZfrOFlwQAcNOYvwbVq3krs9zOy2PXasACpmn+K3BWW+Vgo6bR9/gnckm2l2XsPTtxa1KdagnR3t9prx/S8AK4x97F5d4DEcBmSDUE75bYaScHGySObUpXUMur1M7f85cE1DOFw3j8egcBCrW8bCJgeViUpNyFSRXHcEqYzu5kEXxLj8Wf0X1uTTmq1E7bPj75cUjDQ7b6jIeFnXYSyTJA2DkSLmVavM+t0ATtGtlYN8cGN34bvytdc/RIP8om9eeMkRYWqvcpGOuh5UMD6AH8sil0uoKldup0GWIZaVYeFtcuAt2GKYDolCsNmX8IwI2ix3xDTZxV0jg9KdhDnBe2rPN6HuNhVEEUY0RtmErWYIdXUCHAVp3RfOVx5FysdHBRUjFjSGHfyhY+d8lXYj0isJIBirD0SlKtvS0EH1HN+h8jdqgaCpTTe8knWh3PQQ4RwJscclpiMqoe9yVMwXHHho4qE/frCcBcJJ59qxv1ie3cU6BFUBWHeDHIAWvn6p7u6274Zkef4mTPvN/8KBLGYsHgOdIF3ju0jbRi55ROpOZcvoE/GuiBwXHv32lX54BFimt5tjkBd/vj6XaWektQt9qApoHZi/dnWHdFBElfuwlMNv54jclkk4nZkwQLcYLj9xwlBBzdYQBJPNHfGu+wLJQw8FL8bm3ttjmpe4AXFtfOQK4bbqT00AOx/AfzdF5YVfdTowv0evZnAKOZnBXKgvsSzcamhDkWdnsozmh4UHc0whoDGgpnXpI3T+V3udZcLkrFIc+zvpvGqaxK6n59V8vPQIUNefNF1yz45sV9nPOmTKGu38/hqZaysEYs8W3yOMGuvyHjjvmuHo5rSuAkN+BOi4nP1NixUkOA1vHvMmsGWPho+bW3NUL8KOx3zKHdDffn1F7RE5aN+jtOHIu8GVEjTJQa7xijJhHyuD84AxZv+VbsQfbGlr+h4lUCeSDhtW/7ir4umQCyj3b5IcmbCiDT2dCmiU9am2XKkISe4oU8MDnX6v0F2CQwv/o9k+WTiR1WzFPFFZ3tcr2fBPmegWnSB6XDiR4vswBed6f0CCpR+vSWTiqyemczcoXdrH8HlS3SHqVVoIOgCnRCkfBHYCcm5CCFRIQNRFmLRQWXErK25Gw8SYPjcIsAA91mEVmgTivPasMLNswRUb0xQhSGF42CBAA6mTtZzOshdzXI4zuAXPOz4FHk76ninIhxfC/4cMBy3dJQNYY1lyqiNsD0rP9aF5duVjiP8JMjboY5zjBto9SnKV8g4gK7h3f2cLHmETFEO4/uyeJQw26JvbZf5wu5wnzkqsQ8EUrLyEQ4Fqi2lxK7q8uoblLbDPu1Xhl/lL+1cR7tlQXK0xx+ZGwwG30iT0xZxlVg0GIrBRwPWWxfRnL+16NbUBUnru0uOl0z51VljTk/Wy4ywzWJfx2KP6paDcVs/rwFYT2lPbECb1V5819epkVBRPzv0aJBvjpv34MY+GuwZcA/5ys2P3KB08VqsiDIjcz8dBSr6PT4hePavvBKAR3Iy8U8BEl85AkxwPS0DCFDvio9aTgVy9BmWA0hyWiN34QYBCHqep+ApvQOWRoNf1gLQim/910FQHv/jHpPAZ/14EMGp69ZwtPPWLGjut8XsmMTu+fXdX1RPlx+KxLt5czn065oU=
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-4.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-4.exe /rawdata=vpllmF532BogtqZuqquT81llz7ivMDD/BBF7fzR0N8UE2sRorN61+W8VQv4vbRfprAPaJUFzAYap2VGrJr2JuuJaZYfUdza0va8JxePb6I4aUkObPXvCrJNhxwtdNuWBo5sU/EqeJvsgL09yw2+h3AGPGTMByZSwLM3BGEp4IthKTuLf+5t20Ha2chwIo0F6vme19qU4vMbyetz8Us6KkfcBhbCRT0hw0up3XsyR4YijXJJ1ES03VilU4SX5ETK9YdfK6ywq6CHYoAxCvFYwmvLeOG153+V3Ph1qaq0NLRDKlQ5ITCW542/FZhjZpS6kgqNW+2F2hHdtdd0vmVLmF6UFe0DsuB+/oFrlCRVnhQ3vLoQ8dqn2qS4odNK87pWqorTuiDF9h0tAceYrd2VMQ6hgV9DZnYwC6A7+5+D9zaZc0ieTszMEFWF5Rw9G2oPWuG9TY2oBROX+ZQrR+q+wvKvitFgVEVx1EvujFh7IWDKO9yYUk5yemDZ/Hki3VRPFq01FcosAM90kRVsfcvuo9oF2GmYuKYF66TmntxS89G8Ji0+eH9WtWAS4xk341mcdRgnzNNYuNd1MUNvRSP4x1lHcy+UTIgq7O0vBRNk5JyvXsO1k2akY0dT9xnElS1qA7PuEYFEQmcYeePP9DNKXmAK4i8imocUZhbLaWP8Sdim07dZTFbuXvdtjP7QT79pSLRrTay00IWjhfyvObdSCdJ6CMCraO71roE7B3ezmr/ZP96aIh6t4zezJhkfOPFLnrYlNSDRYLFR4DhJL5RnJMpNK5OHahuTEpDMXh9DYguHu2ZfMz+lN0UL6DSTpeYtfqQ99gy3crKn7fIg1jJ+bJUy5CG2QFp5i7yvypd84efMap+KJOL4czZ0GsffruiFeyY18ELiZjbtLAlGQUQImd+lrbNNonOZim4xB/izp3bXdv0Mgl/XQcLtmyfwjPjjCYIdaN3CQG5Eg/6ynGi4Oa99ORqg2WMqGepvA9Y1FIDnTAahfFYro14O4ZkoWjOqHFXg0BZSma0PnUbmZiI1xvGNd9dsx1Nb8bNUMe6Y/QCb2bMYXdfqVcInHYcEookpZVvMJF36Q3/7p9C1Av00n5Y66rKcKD1J7p3DFFWXtWvHd9tdQBVigj1hBOlCSrlKCYZhDyq3F0jusOjL5SQLR07WKNWOEP5U7wrQ6kckraiobmkWevJVq0N1s+s4DBHea/H9TZ52MJyZ+18jNRqTgdEo7qfEwCdQ9Z+5OlKvKtOZAfhIsomPl+035FtbKJ7zPYy9OBkRykZ5H3z1liS2GkCBAJj8buoEKuMql+KHWJunb+MfNeP1nu/yuoPgwKoBkQ5Uydo+dCqmuwA94YzJL1DQdlbV9ntOwWysyEqZg+UIWP8IDVgNkM02sfWHQKm8HcaSDqdtJgx98tfpPqmzu+M7EP9zBPhCtVhAqDc8/EJfJIRLZR2Gh4Z8NPF3OSb98zlHJRehcCIJhZV7IY4AF89DWnDMea5ohUxK8PgN3tp+3h4MqZo+fpi5GeS4Ck+HeG5RpiAJCTrcCcTdUf/XCbxHzD5A0Uh93iufgJl7KSZC5pIGWzkZxRr/Q0VoRxdy3gSZNQ7xIfIxPu10yKnE1t0T77x5yUQsS6gHaDImRJMWMY3817nF8JJbF6JougLYJwti3t9sqLCh35EUwU0iSGiUVpzuHyTmHq7gllhLI651EhU1MbvzVMksPigOMGdUgsZWTWWaC4gDrVkhsiEQBVZiONqvy3CJwsWuVHE1udgk4aBQd6m3WJVwWaDTpJQGQH82oRykKHotVohdU7+MeHPvlbNslyXYpUQC0JVFYprX50FAuexCQjy4Dviv3u1x3isqQjR8g2T2Fo9j1VNif8QDGTcR2viHmubZY0+HjJnadzQWBJ6SlqKZXgTEUM5M13wFKIFhs10hIjZTJaQNa1do2YfxJVPiWVVBDLWLM0Spzh2d4YAnWcOMyMG1m1IGtjuxtYECuF9q5Ofz17y7B0KzkzUxSEcUM5pbiI96rus5F1cFfGECydQA0FFpxmL5R
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-5.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-5.exe /rawdata=jr9tZdKgqz244hpv9qM2EuGacUUowNwDnBoUFImKsdNMuOKWyHoyc2iRgMcVMxpghmgGDtuglUzF3eWRn+gOdvkrbf6VtL1igfBH0L446EjSrl1IFIsIqEJ0cWHBcqTBskRVYTg9upG5KNNNFMQv8Fj/sreM0R5hByWZahxVNvk8QnjaXMr47On9HQXd6telP4wnyFMqrswb5/s6hHMM0WMFGTPLqpPGeH+D5nXOee0jBEVcilw2Y1RhUC4vQegRY4G4wH3Pdz7D8DcCKiI47+hVl+pDvXtkVyztOR4pOZ7H6wTbL0ItbS5wVN9qjlZtpRJ1tGy6qZCvNLKqfu5it042ahNAWRNM6CDKr7rYWS1y5nQrPFOK1ZD4XBR52UMoVSPRsxOCe+O8uMfAVIOAVV/p27MLL4ioRhIQb3C4r4b9wVxsO3vI4Sj/hKttrE5zmKyQPQ8MtvFeqnQXJnX/ZI0FBy+K+DJD2FRuKf+xNEqg39PM6Di/QMQA8UFRUyJ0DpC/sddTwdsuWPD/smpYCVHy/hQYIEjOP64ZB9QYitKQJ2TfTPMQCYafijpCwH+Uw9IHaoocms40FZkogbnXssDgNiIXBRXtSLMjEA4I8v6YUl2FGgmvLs1SxRnabvOv2g9Ptp6GMstsXwPowZhorTPF4ZBujPcZ99PN/jeBOzqPFC3+x8onBkyEaRg1Q1pEMCJlWAyzTH5Gy4hNQX7u+wu68hczOQEt28uV/u1IRsVzjMHp4AGc7jzAonbEzKrDZXclxmlUAd2a72CzugTDpxp3R4f8jQphsdjL1/XOvJcA31ikDvotAA2a26mmacLfa5+OiQP3RPZZFXsT7GrcTi8DuzUNqL+pmsC35k8xIRUY8A8B0FTJsA30QE+f3cwuoYeAbv4dtuvQRFLrv4XS+YXy02jsn9jUzA3ejNMFZ+Cu2+IgwAu3Q7R7fulQnCe8IGWGfMmK90vLYu+HWHJCmaV/jciw9Di6ATD0bsS0Hz/rWZIDD7TEPtYZZ39mOyv2RPcIEWM6XRWYfr7tDq1EwMMd9jBnO/vAun+USgsyyKhzg0VNvaCa+OWqB0xFu3TXUSklHOtTeeuCvSTcNQGPQXA4eun2OJWL7u9OGNqzajNn113yJOuQ/slFb3QnXSDYt9qzTRFM+mA2hpXAvy0YYqAPvfzIkB4e6UMb8LDGoqc=
C:\Windows\tasks\8b8af638-f8bc-4972-8c79-82d268796676-5_user.job - C:\Program Files (x86)\Senses\8b8af638-f8bc-4972-8c79-82d268796676-5.exe /rawdata=jr9tZdKgqz244hpv9qM2EuGacUUowNwDnBoUFImKsdNMuOKWyHoyc2iRgMcVMxpghmgGDtuglUzF3eWRn+gOdvkrbf6VtL1igfBH0L446EjSrl1IFIsIqEJ0cWHBcqTBskRVYTg9upG5KNNNFMQv8Fj/sreM0R5hByWZahxVNvk8QnjaXMr47On9HQXd6telP4wnyFMqrswb5/s6hHMM0WMFGTPLqpPGeH+D5nXOee0jBEVcilw2Y1RhUC4vQegRY4G4wH3Pdz7D8DcCKiI47+hVl+pDvXtkVyztOR4pOZ7H6wTbL0ItbS5wVN9qjlZtpRJ1tGy6qZCvNLKqfu5it042ahNAWRNM6CDKr7rYWS1y5nQrPFOK1ZD4XBR52UMoVSPRsxOCe+O8uMfAVIOAVV/p27MLL4ioRhIQb3C4r4b9wVxsO3vI4Sj/hKttrE5zmKyQPQ8MtvFeqnQXJnX/ZI0FBy+K+DJD2FRuKf+xNEqg39PM6Di/QMQA8UFRUyJ0DpC/sddTwdsuWPD/smpYCVHy/hQYIEjOP64ZB9QYitKQJ2TfTPMQCYafijpCwH+Uw9IHaoocms40FZkogbnXssDgNiIXBRXtSLMjEA4I8v6YUl2FGgmvLs1SxRnabvOv2g9Ptp6GMstsXwPowZhorTPF4ZBujPcZ99PN/jeBOzqPFC3+x8onBkyEaRg1Q1pEMCJlWAyzTH5Gy4hNQX7u+wu68hczOQEt28uV/u1IRsVzjMHp4AGc7jzAonbEzKrDZXclxmlUAd2a72CzugTDpxp3R4f8jQphsdjL1/XOvJcA31ikDvotAA2a26mmacLfa5+OiQP3RPZZFXsT7GrcTi8DuzUNqL+pmsC35k8xIRUY8A8B0FTJsA30QE+f3cwuoYeAbv4dtuvQRFLrv4XS+YXy02jsn9jUzA3ejNMFZ+Cu2+IgwAu3Q7R7fulQnCe8IGWGfMmK90vLYu+HWHJCmaV/jciw9Di6ATD0bsS0Hz/rWZIDD7TEPtYZZ39mOyv2ZAlHid0H1VxWQ7LIO+CnAACnnacyVTkeT8oYu/VYA20hDQ81pm50097aVH6RfbcLHqSvoW1wI1CSepIYkx2n+OjcxvxZ++EkEWdamma4trIiLunrBALatUmf491r4etXlZl/HnLIVSoYGLq2WKWIIdt8uobKwNXslJG/z14n2M8=
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\dsmonitor.job - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3635118404-1531409289-2213508233-1000Core.job - C:\Users\Doan\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3635118404-1531409289-2213508233-1000UA.job - C:\Users\Doan\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForDOAN-HP$.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForDOAN-HP$ (null)
C:\Windows\tasks\HPCeeScheduleForDoan.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForDoan (null)
C:\Windows\tasks\Malwarebytes Anti-Exploit.job - C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe "C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=Canon MycameraPlugin
"Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\extensions\
warnerroberts@hotmail.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}]
Senses - C:\Program Files (x86)\Senses\Senses-bho64.dll [2014-10-12 758176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-29 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}]
Senses - C:\Program Files (x86)\Senses\Senses-bho.dll [2014-10-12 563616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-08-07 329520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9}]
PodoWeb - C:\Program Files (x86)\PodoWeb\PodoWebbho.dll [2014-10-12 250136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-07 59184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-17 2480936]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-12-17 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-12-17 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-12-17 418328]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-02 524800]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-10-21 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-11-22 2736128]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-10-21 1938624]
"PCSpeedUp"=C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk []
"Facebook Update"=C:\Users\Doan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27 138096]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"Uprubo"=C:\Users\Doan\AppData\Local\Temp\Pacya\uprubo.exe []
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-09-13 283160]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-12-30 336384]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-12-13 61112]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2010-12-13 318520]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"UnlockerAssistant"=C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-10-01 152392]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"mobilegeni daemon"=Ä??{ []
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
ImageBrowser EX Agent.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
SolidWorks Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe

C:\Users\Doan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
DesktopWeatherAlerts.lnk - C:\Users\Doan\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
Weather Alerts.lnk - C:\Users\Doan\AppData\Local\WeatherAlerts\WeatherAlerts.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-12-17 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-01-29 52920]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-10-29 22:33:47 ----D---- C:\Program Files\trend micro
2014-10-29 22:33:44 ----D---- C:\rsit
2014-10-29 11:14:22 ----A---- C:\Windows\system32\drivers\{d04f5c84-12ff-4486-8e31-240e7ca6e6d3}w64.sys
2014-10-28 12:32:40 ----D---- C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
2014-10-27 11:23:02 ----A---- C:\Windows\system32\drivers\{19b94dbb-e67e-43ec-827b-c943f0fc9c16}w64.sys
2014-10-23 08:24:16 ----A---- C:\Windows\system32\drivers\{972b8ad0-9d6f-4688-9227-759df6914df4}w64.sys
2014-10-22 10:20:01 ----D---- C:\Program Files (x86)\Microsoft Games
2014-10-18 10:33:30 ----D---- C:\Casino
2014-10-16 16:52:15 ----D---- C:\ProgramData\Sony Corporation
2014-10-16 16:52:14 ----D---- C:\Program Files (x86)\Sony
2014-10-16 12:13:07 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 12:13:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-12 19:09:37 ----A---- C:\Windows\system32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}w64.sys
2014-10-12 18:17:17 ----A---- C:\Users\Doan\AppData\Roaming\CXNAYXY.exe
2014-10-12 18:16:49 ----A---- C:\Users\Doan\AppData\Roaming\BOBBU.exe
2014-10-12 18:16:36 ----D---- C:\Program Files (x86)\globalUpdate
2014-10-12 18:16:33 ----D---- C:\Program Files (x86)\Senses
2014-10-12 18:06:05 ----D---- C:\Program Files (x86)\winhotspot
2014-10-12 18:05:14 ----D---- C:\Program Files (x86)\Seznam.cz
2014-10-12 18:04:59 ----D---- C:\Users\Doan\AppData\Roaming\Seznam.cz
2014-10-12 18:04:17 ----D---- C:\Program Files (x86)\PodoWeb
2014-10-02 20:57:19 ----D---- C:\ProgramData\GFACE

======List of files/folders modified in the last 1 month======

2014-10-29 22:49:49 ----D---- C:\Windows\Temp
2014-10-29 22:47:51 ----D---- C:\Windows\Prefetch
2014-10-29 22:33:47 ----RD---- C:\Program Files
2014-10-29 20:42:34 ----SHD---- C:\Windows\Installer
2014-10-29 20:42:34 ----SHD---- C:\Config.Msi
2014-10-29 17:45:56 ----D---- C:\Program Files (x86)\Steam
2014-10-29 15:22:51 ----A---- C:\Windows\win.ini
2014-10-29 14:01:17 ----SHD---- C:\System Volume Information
2014-10-29 13:47:31 ----D---- C:\Windows\system32\config
2014-10-29 11:14:42 ----A---- C:\Windows\SYSWOW64\log.txt
2014-10-29 11:14:22 ----D---- C:\Windows\system32\drivers
2014-10-28 23:05:29 ----D---- C:\Windows\tracing
2014-10-28 22:03:55 ----D---- C:\Windows\System32
2014-10-28 22:03:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-28 22:03:54 ----D---- C:\Windows\inf
2014-10-28 12:32:40 ----HD---- C:\ProgramData
2014-10-22 10:20:02 ----RSD---- C:\Windows\Fonts
2014-10-22 10:20:02 ----D---- C:\Windows\SysWOW64
2014-10-22 10:20:01 ----D---- C:\Program Files (x86)
2014-10-18 16:15:25 ----D---- C:\Windows\Tasks
2014-10-18 16:15:25 ----D---- C:\Windows\system32\Tasks
2014-10-18 09:18:27 ----D---- C:\Windows\system32\catroot2
2014-10-16 12:20:05 ----D---- C:\Program Files (x86)\Google
2014-10-15 22:48:20 ----D---- C:\Users\Doan\AppData\Roaming\TS3Client
2014-10-12 18:17:37 ----D---- C:\Program Files\Common Files
2014-10-12 18:09:03 ----AD---- C:\ProgramData\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2010-08-12 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-01-29 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-07 270912]
R1 Eve;EVE Protocol Driver; C:\Windows\system32\DRIVERS\eve.sys [2013-01-04 39064]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2010-08-12 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-12-31 8281600]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-12-31 292864]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-05-17 3065408]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2012-07-06 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-07-20 102952]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2010-07-20 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-07-20 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-02 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-17 1403440]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 AVerAF35;HP USB DVB-T TV Tuner; C:\Windows\System32\Drivers\HPAF35.sys [2009-10-19 511104]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 ew_mbbusbdev;MBB USB PNP Device; C:\Windows\system32\DRIVERS\ew_mbbusbdev.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 giveio;giveio; \??\C:\Windows\giveio.sys [2008-06-20 5248]
S3 HPIR;HP TV Tuner Infrared Receiver; C:\Windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-12-17 12256512]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 11776]
S3 mbbdatacard;MBB DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-12-31 203776]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-07-29 951584]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2010-08-12 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-11-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-11-23 325656]
R2 MaintainerSvc6.89.573444;MaintainerSvc6.89.573444; C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe [2014-10-28 123632]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-04-12 69640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-07-15 75136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-02 275968]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
R2 Update PodoWeb;Update PodoWeb; C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe [2014-10-29 523504]
R2 Util PodoWeb;Util PodoWeb; C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe [2014-10-29 523504]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-10-01 641352]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-10-21 833728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-12 68608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 107912]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25 267440]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-12 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16 107912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-11 114288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f C:\Program Files (x86)\WinPcap\rpcapd.ini []
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

# AdwCleaner v3.311 - Report created 30/10/2014 at 14:38:19
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Doan - DOAN-HP
# Running from : C:\Users\Doan\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : Update PodoWeb
[#] Service Deleted : Util PodoWeb
Service Deleted : {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Service Deleted : {16d667ee-6782-4b21-81df-8ded8ebc3868}w64
Service Deleted : {19b94dbb-e67e-43ec-827b-c943f0fc9c16}w64
Service Deleted : {972b8ad0-9d6f-4688-9227-759df6914df4}w64
Service Deleted : {d04f5c84-12ff-4486-8e31-240e7ca6e6d3}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\contaiynuettosaovve
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\globalUpdate
[!] Folder Deleted : C:\Program Files (x86)\PodoWeb
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\Systweak Support Dock
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\Senses
[!] Folder Deleted : C:\Program Files (x86)\PodoWeb
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Doan\AppData\Local\genienext
Folder Deleted : C:\Users\Doan\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Doan\AppData\Local\Local_Weather_LLC
Folder Deleted : C:\Users\Doan\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Doan\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Doan\AppData\Local\PackageAware
Folder Deleted : C:\Users\Doan\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Doan\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Doan\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Doan\AppData\Local\Temp\PodoWeb
Folder Deleted : C:\Users\Doan\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Doan\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Doan\AppData\LocalLow\contaiynuettosaovve
Folder Deleted : C:\Users\Doan\AppData\LocalLow\Senses
Folder Deleted : C:\Users\Doan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Doan\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Doan\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Doan\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Doan\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Doan\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Doan\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Doan\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Doan\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Doan\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Doan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Public\Documents\YTAHelper
Folder Deleted : C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\Extensions\warnerroberts@hotmail.com
Folder Deleted : C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjbgbmjaheanejhaompcejgiebnlioo
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}w64.sys
File Deleted : C:\Windows\System32\drivers\{16d667ee-6782-4b21-81df-8ded8ebc3868}w64.sys
File Deleted : C:\Windows\System32\drivers\{19b94dbb-e67e-43ec-827b-c943f0fc9c16}w64.sys
File Deleted : C:\Windows\System32\drivers\{972b8ad0-9d6f-4688-9227-759df6914df4}w64.sys
File Deleted : C:\Windows\System32\drivers\{d04f5c84-12ff-4486-8e31-240e7ca6e6d3}w64.sys
File Deleted : C:\Users\Doan\daemonprocess.txt
File Deleted : C:\Users\Doan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
File Deleted : C:\Users\Doan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
File Deleted : C:\Users\Doan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : dsmonitor
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : YourFile DownloaderUpdate
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-1
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-11
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-2
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-3
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-4
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-5
Task Deleted : 8b8af638-f8bc-4972-8c79-82d268796676-5_user

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\angobeimajilfhlcpeiccndaifchnppl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PodoWeb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PodoWeb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatePodoWeb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatePodoWeb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilPodoWeb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilPodoWeb_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update PodoWeb
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util PodoWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pspad_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pspad_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{b3d6b511-4d77-44db-a459-938d9e6995f7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611191115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonChromeExtension
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\PodoWeb
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Senses
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\PodoWeb
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Senses
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Senses
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PodoWeb
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v33.0 (x86 cs)

[ File : C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\prefs.js ]

Line Deleted : user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22[...]
Line Deleted : user_pref("extensions.crossrider.bic", "149513a420e095786ecdaf0cfbfde8cb");

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f02730fa000000000000cc52af95c0f3&tlver=1.4.19.19&affID=16553
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYCZ&apn_uid=d1bbb88d-b76c-4f2c-a5fb-ffe6f194bf09&apn_sauid=5B469E58-04D5-4369-9923-45823BC76DDB

*************************

AdwCleaner[R0].txt - [27706 octets] - [30/10/2014 13:17:04]
AdwCleaner[R1].txt - [27767 octets] - [30/10/2014 13:40:28]
AdwCleaner[S0].txt - [26476 octets] - [30/10/2014 14:38:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26537 octets] ##########

Jeste aplikujte Zoek

Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Doan on p  31.10.2014 at 23:34:13,63.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Doan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.10.2014 23:38:55 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Internet Explorer\SearchScopes\{49A5EB47-3AA6-4D1C-801B-D95537A44AF3} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E92A8F76-8A6E-4077-92A2-7C84F151774E} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3c2916e9-9142-4201-a837-764ac9cdbb81} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3c2916e9-9142-4201-a837-764ac9cdbb81} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611511123} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3c2916e9-9142-4201-a837-764ac9cdbb81} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{643bd3c3-2737-41ec-b96d-749e7666aa6d} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b319a293-8766-45ab-95ce-b96f1bc2dc4a} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3635118404-1531409289-2213508233-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha1442.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewerV1alpha1592.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha912.net deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\prefs.js:

Added to C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689

user.js not found
---- Lines PodoWeb removed from prefs.js ----
user_pref("extensions.PodoWeb.asul", "1414603468249");
user_pref("extensions.PodoWeb.aul", "1414671522551");
user_pref("extensions.PodoWeb.irl", true);
user_pref("extensions.PodoWeb.is", "smdvcz");
user_pref("extensions.PodoWeb.ug", "EF492ED6-6DB2-4412-B16A-9084A0E0DE38");
---- Lines awarnerrobertshotmailcom61915 removed from prefs.js ----
user_pref("extensions.awarnerrobertshotmailcom61915.61915.active", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbar", "NA");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbarenhanced", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncdb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncinternaldb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.backgroundver", 1);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.certdomaininstaller", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.value", "%221413134182%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%22%2
user_pref("extensions.awarnerrobertshotmailcom61915.61915.description", ".");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.domain", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.enablesearch", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.homepage", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.changeprevious", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.iframe", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationThankYouPage", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationTime", 1413134182);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2220
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2220A5276225E74E9B8148225
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2220A5276225E74E
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+01
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_last_executable_request.expiration", "Thu Oct 30 2014 10:32:2
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A//images.malwarere
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.value", "44");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.expiration", "Thu Oct 30 2014 19:18:39 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastDailyReport", "1414671513646");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastUpdate", "1414671512769");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.manifesturl", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.name", "Sense1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.newtab", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.opensearch", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsurl", "http://js.newinfoclientstack.com/plugin ... ugins.json"
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsversion", 40);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.publisher", "Object Browser");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.searchstatus", 0);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.setnewtab", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.thankyou", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.updateinterval", 360);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.ver", 44);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.apps", "61915");
user_pref("extensions.awarnerrobertshotmailcom61915.bic", "149513a420e095786ecdaf0cfbfde8cb");
user_pref("extensions.awarnerrobertshotmailcom61915.cid", 61915);
user_pref("extensions.awarnerrobertshotmailcom61915.firstrun", false);
user_pref("extensions.awarnerrobertshotmailcom61915.hadappinstalled", true);
user_pref("extensions.awarnerrobertshotmailcom61915.installationdate", 1414407013);
user_pref("extensions.awarnerrobertshotmailcom61915.modetype", "production");
user_pref("extensions.awarnerrobertshotmailcom61915.reportInstall", true);
user_pref("extensions.awarnerrobertshotmailcom61915.statsDailyCounter", 4);
---- FireFox user.js and prefs.js backups ----

prefs_01.11.2014_0005_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\Users\Doan\AppData\Roaming\GetRightToGo deleted
C:\Users\Doan\AppData\Roaming\ICQ Search deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\SearchNewTab deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Doan\AppData\Local\cache deleted
C:\Users\Doan\AppData\Local\Installer deleted
C:\Users\Doan\AppData\Local\CrashRpt deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\Doan\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\shoFE6A.tmp deleted
C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\extensions\staged deleted
C:\Users\Doan\AppData\Roaming\BOBBU.exe deleted
C:\Users\Doan\AppData\Roaming\CXNAYXY.exe deleted
"C:\Users\Doan\AppData\Local\LumaEmu" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689
- PodoWeb - %ProfilePath%\extensions\{19b94dbb-e67e-43ec-827b-c943f0fc9c16}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
4EB1BF40E5CF06AC0C0CA3606B7588D7 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.330.5
B932CB0D859B981C99B90F3BEAE017B7 - C:\Users\Doan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Deleted Firefox Extensions ======================

C:\Users\Doan\AppData\Roaming\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\extensions\{19b94dbb-e67e-43ec-827b-c943f0fc9c16}.xpi deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
godimpbmfohihoaikgfknnnmlncabkkp - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx[29.06.2014 14:54]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Doan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]

Babylon Chrome OCR - Doan\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Website Logon - Doan\AppData\Local\Chromium\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein
Re§im ECHO je vypnut. - Doan\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp
Senses - Doan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk

==== Chromium Startpages ======================

C:\Users\Doan\AppData\Local\Chromium\User Data\Default\Preferences
"homepage": "http://www.search.ask.com/?o=APN10640A& ... 83-110&t=4",
"homepage": "http://www.search.ask.com/?o=APN10640A& ... 83-110&t=4",


==== Chromium Fix ======================

C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Doan\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lohbonfeioofpgpcmebnncnmiobojbgk_0.localstorage deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lohbonfeioofpgpcmebnncnmiobojbgk_0.localstorage-journal deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lohbonfeioofpgpcmebnncnmiobojbgk_0 deleted successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lohbonfeioofpgpcmebnncnmiobojbgk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
"Default_Page_URL"="http://www.bing.com?pc=HPNTDF"
"Search Bar"="http://www.bing.com"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.yahoo.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.yahoo.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.bing.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{59CED043-13C4-432C-9179-815F533C2CE1} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_13415"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTer ... -SearchBox"

==== Reset Google Chrome ======================

C:\Users\Doan\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Doan\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E1DD019-EAB7-4103-A4E4-AFD49E6A760C} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Doan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Doan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Doan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Doan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Doan\AppData\Local\Mozilla\Firefox\Profiles\vnle7zg0.default-1414345479689\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Doan\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Doan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=501 folders=418 1307948123 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Doan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Doan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Doan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Doan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NTQ6DKXE\empire.static.zgncdn.com" not found
"C:\Users\Doan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NTQ6DKXE\staticedge.hardsextube.com" not found

==== EOF on so 01.11.2014 at 0:19:52,77 ======================

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100