Prosím o kontrolu logu

roman m · Příspěvekod **roman m** » 25 lis 2015 19:13

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:03, on 25/11/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
CHROME: 6.0.0.12757
FIREFOX: 42.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IObit\IObit Uninstaller\IObitDownloader.exe
C:\Program Files\M-Audio\M-Track\MAPanel.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Program Files\Opera\22.0.1471.50\opera_crashreporter.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Program Files\Opera\22.0.1471.50\opera.exe
C:\Users\roman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com/?fr=hp-avast&type=agc511
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search? ... yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/?fr=hp-avast&type=agc511
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com/?fr=hp-avast&type=agc511
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search? ... yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {8b617b00-279e-42ff-beac-1f7a8f41ca13} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O3 - Toolbar: (no name) - {8b617b00-279e-42ff-beac-1f7a8f41ca13} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [M-Audio Panel Launcher] C:\PROGRA~1\M-Audio\M-Track\MAPanel.exe 0
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\roman\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: M-Track Audio Device Monitor (MTrackAudioDevMon) - M-Audio - C:\Program Files\M-Audio\M-Track\AudioDevMon.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7425 bytes

Reklama

Příspěvekod **jaro3** » 26 lis 2015 09:00

Odinstaluj:
IObit\Advanced SystemCare 8

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

roman m · Příspěvekod **roman m** » 26 lis 2015 22:20

TFC nejde stahnout!!# AdwCleaner v5.022 - Logfile created 26/11/2015 at 19:49:54
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : roman - ROMAN-PC
# Running from : C:\Users\roman\Desktop\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

File Found : C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\user.js

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Web browsers ] *****

[C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1054 bytes] ########## v tym Malwarebytes' Anti-Malware jsem nepobral jak ti tady mam dat ten log jake b] a [/b] to tady mackam na klavesnici jak blazen a nic. je tam ulozit vysledky tam jsem tam dal kopirovat do schranky ale kde to najdu to nevim. uz opravdu nechybi moc a kupuju si apple to je porad neco

Příspěvekod **jaro3** » 27 lis 2015 08:47

moje chyba:
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

roman m · Příspěvekod **roman m** » 06 pro 2015 14:40

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 06/12/2015
Cas skenování: 12:08
Protokol: malwarebytes.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.06.02
Databáze rootkitu: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: roman

Typ skenu: Sken hrozeb
Výsledek: Dokonceno
Prohledaných objektu: 337423
Uplynulý cas: 22 min, 58 sek

Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíce registru: 113
PUP.Optional.HomeTab, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8b617b00-279e-42ff-beac-1f7a8f41ca13}, , [d406c9d85e2d0c2a644d9dadb9496799],
PUP.Optional.HomeTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8B617B00-279E-42FF-BEAC-1F7A8F41CA13}, , [d406c9d85e2d0c2a644d9dadb9496799],
PUP.Optional.HomeTab, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8B617B00-279E-42FF-BEAC-1F7A8F41CA13}, , [d406c9d85e2d0c2a644d9dadb9496799],
PUP.Optional.HomeTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lkcfnokgklfkmdchkhpdjjmkhmjpcplg, , [8654e5bce0ab152107d2335d04ff52ae],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9D6C776E-E1E9-4511-ADA8-A41767D0E922}, , [4f8badf4d2b9b48259ae2462ca39847c],
PUP.Optional.BrowserUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Browser Updater, , [9d3d4160206b8aacd8a6730a24df7a86],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-1, , [fbdf614090fbea4cc54566200df6c937],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-11, , [6377fea36922191d4cbeff877e858878],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-2, , [0bcf802145467abcf1192c5a93708c74],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-3, , [e8f248591e6d0036f812cdb9e81b738d],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-4, , [08d2c0e10883d66020ea5e281ee55fa1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-5, , [42986a378cff64d29b6f9beb847fad53],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user, , [b02a930ea1eaa78f9773018513f0bc44],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-6, , [9f3b5d440982ad890307b1d5f40f3fc1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\c8470bad-6418-48e6-9c78-c736c9cf9191-7, , [9b3f663b6b202e08b555127450b36a96],
PUP.Optional.ProtectedSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProtectedSearch, , [98422c7515766acc7a26a0033ac934cc],
PUP.Optional.HomeTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemSockets, , [9248bfe28506132316c693fdde2533cd],
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [c01a732e7417e74f346544aa7e85639d],
PUP.Optional.PlusHD, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-V1.1, , [7d5d6839612a6fc7adbd4a578f743fc1],
PUP.Optional.PlusHD, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-V1.6, , [dbff7c25a0ebdb5b2a403e63a75c8779],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11A81C10-C1C2-4396-B9E3-2B39EFDA3C89}, , [637788195b30023433b4295cbd469868],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15ADC0E8-6C31-42D0-B542-9437D19BC32F}, , [5a80c7da0388290d6f786e17a360dd23],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16CABD3E-31C8-4D49-9716-694D902A14C4}, , [7d5d643dfa9143f37572325343c07c84],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BD53651-F529-418A-983C-56FB1DCCBDBE}, , [4a907f22b9d242f4f7f1790c34cffe02],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23BDD1B3-3761-4961-AE7B-23BB673A4FE9}, , [3c9e059c04875cdab6327c09cf34d62a],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25470D05-64B0-4E49-9281-592588DDFDD7}, , [4694643d6a213402db0d4f36e2215ca4],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{272706A2-DB83-4900-AD22-1C3BFB3CD2AD}, , [36a4455c3a51b2843fa8e69fa95a01ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{298D762F-A036-40D4-AA24-3272F3B8BB1C}, , [bf1b960b6f1caf876e7a4441ac57bd43],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A6907A5-DE65-44BE-A82F-7432DC92891B}, , [1fbb8e1308831026d710790c1fe4659b],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DFBA13D-E414-4C0B-BF11-16D4C3E35C84}, , [a931564bbecdd2644e9986ff04ff33cd],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E074D60-7C23-4AB7-B934-CE93803BE7F2}, , [aa30bbe6dfac92a49d4b1c6934cfe31d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36425656-B2C1-4F28-AA18-905FEC616241}, , [d8021190830814226a7d6e173ec5f10f],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A9B01A4-78B4-4FA3-B89E-437CE4B14FA5}, , [9c3e0c950784320444a4b7ceca393cc4],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AE5F546-9A88-45C8-85C5-668CB857CED8}, , [ba200e933f4c51e56285c6bf5da6f20e],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B67C060-B6A9-428A-835E-7FDE76781637}, , [6a70e7ba8803b185f1f7256013f00df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DA03F08-2D24-4BC0-A6B1-B4C72D991589}, , [fcdeadf496f52f07cb1deb9a91720000],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3FC6CCF1-B764-4DC2-907B-7F5F8976A3CF}, , [2ab0653c8ffc5ed83fa9dca90af926da],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3FE567C2-ECFF-49C1-BB9C-B9C8D2CFD453}, , [cd0dd9c8018ae35341a7a9dcf21154ac],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{425E303A-D8D5-4512-B0F4-A631D07FBC95}, , [b327079ad8b36fc7df08dea73dc6de22],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42CE7DFD-EDBB-45D8-ABF8-9B445EA23533}, , [47934e53800b59dd20c793f220e38878],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4481828C-80BD-44D1-861F-C11BD28F72CF}, , [f3e72b76e0abd5614b9de79e2dd6f40c],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{448A3CB4-8AF7-40A2-B33F-112250C884CC}, , [5f7b8a1754370c2a44a34c3925dea25e],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{46B57809-E47F-4F34-94D7-49B4EEA3CC61}, , [ce0c2978c1ca49ed3ea97e0729da03fd],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4A6978B9-3BCE-43C6-A9A5-46BB73A8854C}, , [19c1564bf398ef47dc0c3b4ae41fda26],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4ADDF608-7152-42C7-9A87-13E459E85989}, , [1bbfc2df72190f276385127334cff40c],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{525DA31F-91A1-442B-B0AA-4CB1375C3A5B}, , [1ebc237ee2a9ff37c424aadbe12232ce],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56D18D73-D5C0-4A2B-875D-C260F6D2B3FE}, , [419919884e3d3ef85296077e6b98a759],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{58BEF6F7-1794-4DD4-9A69-BF39EF86771B}, , [6971762b14770a2ce800275e35ce619f],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{593C7E07-72C7-407F-928C-7E8CE11EC571}, , [0dcd7a27bad191a57f68b7ce679c37c9],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BAABB59-2F5A-4E8C-84D7-EDA56F6F28F5}, , [34a6158c5833d561eefa8cf9fb088080],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BC088F6-5DCE-44D3-93CB-2360BE726489}, , [5684aff2c1ca2313eef9394c6a99ce32],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BFE8C6B-DFB2-4112-BD9B-9B50A4F2B0B8}, , [8d4d5a476e1d8aac7276d9ac56adba46],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{666BEE14-C89E-4CAF-9776-F2C42CA76543}, , [6971e4bd5635a6909a4dc0c556ad7b85],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{679C45B8-ECDA-4566-B159-6ED7A74B2EA7}, , [3d9d049dbad17bbb8a5ed0b5679c0ef2],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{699D441D-8B14-45A0-A897-7F96A77FC6E7}, , [59816b368b00c17508e08df80ff44bb5],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DAA5B97-1DA5-4FEB-9B9B-621E4D80C6CF}, , [17c3b2ef95f6a49280674b3aa85bd32d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7191A0AA-9134-4A53-AFB1-65D76528C81C}, , [e1f99d04c0cbac8a18cf7a0b7f84e21e],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73F3A9AC-1D01-467B-9B75-49974648595F}, , [0fcb742d22692d091acde5a0847f0cf4],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77352CAF-7B53-4ECE-896E-C94C30462E1A}, , [c6148f12f299f3437375364f010250b0],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77A8B51C-941D-4870-A2BD-61FC681DFDB9}, , [16c43d641a71bc7a8d5bb0d58d76837d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7B13E9E9-D903-44E3-9594-60D5F948F9C1}, , [3b9f831e7615c67046a10580e71ca55b],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7B3EE7C2-17B5-480D-A8F4-17B131CA55AE}, , [13c748591e6d0f2782657e0738cb718f],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BF47FF5-211B-4FAB-A118-2BAD15268F2C}, , [4b8f8e13b1dafd3904e46c196d9636ca],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BFBCEE9-3E6B-4820-AFB8-3531B676C98A}, , [24b66140fa9164d2499f9ce9b54e9c64],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D0E0C6D-552E-4D76-A6AE-9D5E20264EFE}, , [9c3eeeb357341f1746a2cbba29da4bb5],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8376A995-D083-41CE-9BF1-5F49090C7C03}, , [efebc4dd414aa78f53952560000337c9],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AAE9491-B51F-4293-8C37-B1222449AC8E}, , [2dad1d84216aaf875a8ec8bd63a07789],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5CBAD7-1FDA-4312-B47A-3A2F5EBC3CEB}, , [c812bee3a8e3b383cc1c760f8a7913ed],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8EDB0BFA-3622-4112-82D2-8BB61A3CAB61}, , [32a8b4ed8efdc96dac3b05803dc6916f],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{902C0052-3791-4775-8372-71EA20CE5F72}, , [d4069011414a96a07870770eff044bb5],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91D821A5-5AE6-43F5-952B-FBE470F399D3}, , [6179d2cfa5e676c034b3f49144bfdb25],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9257C3C1-711E-4BB7-8777-D78D63FC3176}, , [8e4c297828631c1a96522065ea19c53b],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{925D5161-E710-4084-9C80-164CD0B9FE96}, , [8951cdd419723006e1077c09ca3948b8],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9515A320-2B00-473D-B398-F67B182B3FC9}, , [8f4bced3c2c9fc3a36b2ef962ad90bf5],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CACCF5A-F1AD-44A6-B2C1-4FB64B6388FB}, , [8555bae7e7a4251112d55134be45d030],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9D6C776E-E1E9-4511-ADA8-A41767D0E922}, , [dbff1c85e7a4a88e4e98c5c0a261ef11],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F478F92-2076-4B81-8216-475E3D45C380}, , [eded2d743e4d58de5791364fe0237f81],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18E81D0-1285-432D-9982-4BE61479E9D8}, , [23b7940d1f6cda5cf4f3afd6f80b4cb4],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A2F2CA97-9CA0-4458-98E6-3254ED58E3C4}, , [14c6138e513a9c9a8563384d5ca7c43c],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B26A7642-8034-45D3-936F-EE7529946BBE}, , [706a40614f3c73c333b5850015eebf41],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B61CDADA-BF17-46B2-8947-D7FA24A09DE2}, , [c01a307155361a1c86611b6aea1927d9],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B67EF26F-9DD2-4D91-9166-F35D173A2A39}, , [fcdee9b8543796a033b5afd663a007f9],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA166A92-CA69-41D5-9D22-90E56ADA524B}, , [29b1435e068543f39f488afbb94a29d7],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD3BF342-B30D-4811-856D-A2277852E5B4}, , [a2384b5692f961d55196d9ac6b98c33d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF375241-3549-481E-A255-508D47C4A4B8}, , [bf1bc1e0810a6ec806e121640cf760a0],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF81F2EB-F7D0-4D1F-94CD-A1DA452087BA}, , [f0eafea3cfbc082ed4143c4947bcaf51],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C126BFF9-23EF-44E5-AF49-6757FAB93B5F}, , [eded2b76642780b6e8ff5530e41f6799],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C12CB5CF-E220-4FFC-ACD3-312F63F1A7FF}, , [ab2f8120246791a56780d2b3d330b64a],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3DC5170-C1B6-4C64-82F7-A5DDD3D0377B}, , [f7e3960b7a1168ceae3997ee9d66e41c],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5634CFD-65BC-4652-BD1B-C8B13A7B5456}, , [ffdb128fd8b3e94d8a5d404512f19b65],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7404F08-DC89-40D1-802B-D26A59B563B8}, , [c5158d146a211f17da0d8ff6dc27946c],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7C7F898-CC8B-4CCE-9EBE-7FD98AB14D75}, , [01d9920f9fec54e20addc5c08d7601ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9065DE9-CAC7-4CA2-BAC6-67EA2A71BA33}, , [19c14958484346f0b830dda808fb827e],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9C42549-B627-475C-B689-CA6BC58A21C0}, , [ae2c336e335849edf8f0a4e1fa097888],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB76BCC7-97F8-4E3D-8C19-3C8580E4BD39}, , [c317247de4a7ae884f986c193cc7ba46],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC39D390-A794-4D4B-B776-7F7EAB2913F4}, , [a436e1c0a7e4330326c2dca9d62da65a],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF8CE724-DE84-441C-A413-27BF18474CE1}, , [b02a475a1477b97d67816b1aa26115eb],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D37DFDCC-5948-4237-A2EA-FC2B784975D5}, , [a634346d3754b284b730bfc613f0ba46],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5AEB584-4A89-4D0B-BCC8-4F65B73E4431}, , [16c44b561972ee48cc1bfe87f50e2cd4],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D62C7611-4ACC-4DA0-BC65-DE94B3837B7F}, , [97438b16692240f6588e5b2aa75c16ea],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D8310754-6C2D-404E-9AEB-2AA9237B1225}, , [7e5cc5dcfe8d6acca542d0b508fb639d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DACB7EF7-16BC-467D-A1BC-D35A46894B80}, , [7466b3ee2b60152136b1c1c4c53eb947],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DAD6BEB3-79D7-41DB-9FE5-D7E38479BCE3}, , [af2b069bccbf082e9f4997eed82b17e9],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E5E31503-17F4-49B4-A810-9DE4198D1A76}, , [6179673a6b2043f3a146770ebb4814ec],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E76314EC-D9FE-4AAE-9FA1-8B741954527E}, , [499128791b708aac50984243fa09fa06],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED447DFC-A35C-40F4-8046-51C87F7D4ABC}, , [25b5148d642796a09f486d1832d12ed2],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE30D7DB-A23D-4813-8566-8AFBA7E585C5}, , [01d94b56eaa1dd59f6f1f194d72c659b],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EFBA99FD-788A-4AB5-BC1B-C75C60B9E35D}, , [8753326f5635cd699b4cb2d3a95a6e92],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5043379-A5A4-4AEB-8FB2-8263E4EDAA46}, , [c317f9a86526fb3b866191f41be8e31d],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F52B184E-E029-49F0-B92E-E887EA79B7BA}, , [4793b0f1d9b2b2846781ed985da62fd1],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F7FF696C-7F42-407C-BBFC-40BC72E1C393}, , [4892950ced9e87af43a5e89de61de21e],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9E682B0-1DC9-49C6-9DCE-CCB445E4B8D7}, , [6872b5ecdbb00e285a8ec9bcf90a15eb],
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBC7E9E5-DF22-4C68-BCFD-E2C7C7576CA0}, , [558518897c0f310517d0473e996a8b75],

Hodnoty registru: 99
PUP.Optional.HomeTab, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8B617B00-279E-42FF-BEAC-1F7A8F41CA13}, , [d406c9d85e2d0c2a644d9dadb9496799],
PUP.Optional.HomeTab, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8b617b00-279e-42ff-beac-1f7a8f41ca13}, , [5882a00194f70f279e132426867c738d],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9d6c776e-e1e9-4511-ada8-a41767d0e922}|AppName, video MediaPlayer-bg.exe, , [4f8badf4d2b9b48259ae2462ca39847c]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [c01a732e7417e74f346544aa7e85639d]
PUP.Optional.GoSearchMe, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, https://gosearch.me/?u=7515b657f8993adb ... 1433273861, , [cb0fc5dce7a4ca6c8b8a216e768d2ed2]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11A81C10-C1C2-4396-B9E3-2B39EFDA3C89}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [637788195b30023433b4295cbd469868]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15ADC0E8-6C31-42D0-B542-9437D19BC32F}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [5a80c7da0388290d6f786e17a360dd23]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16CABD3E-31C8-4D49-9716-694D902A14C4}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [7d5d643dfa9143f37572325343c07c84]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BD53651-F529-418A-983C-56FB1DCCBDBE}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [4a907f22b9d242f4f7f1790c34cffe02]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23BDD1B3-3761-4961-AE7B-23BB673A4FE9}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [3c9e059c04875cdab6327c09cf34d62a]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25470D05-64B0-4E49-9281-592588DDFDD7}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [4694643d6a213402db0d4f36e2215ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{272706A2-DB83-4900-AD22-1C3BFB3CD2AD}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [36a4455c3a51b2843fa8e69fa95a01ff]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{298D762F-A036-40D4-AA24-3272F3B8BB1C}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [bf1b960b6f1caf876e7a4441ac57bd43]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A6907A5-DE65-44BE-A82F-7432DC92891B}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [1fbb8e1308831026d710790c1fe4659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DFBA13D-E414-4C0B-BF11-16D4C3E35C84}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [a931564bbecdd2644e9986ff04ff33cd]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E074D60-7C23-4AB7-B934-CE93803BE7F2}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [aa30bbe6dfac92a49d4b1c6934cfe31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36425656-B2C1-4F28-AA18-905FEC616241}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [d8021190830814226a7d6e173ec5f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A9B01A4-78B4-4FA3-B89E-437CE4B14FA5}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [9c3e0c950784320444a4b7ceca393cc4]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AE5F546-9A88-45C8-85C5-668CB857CED8}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [ba200e933f4c51e56285c6bf5da6f20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B67C060-B6A9-428A-835E-7FDE76781637}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [6a70e7ba8803b185f1f7256013f00df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DA03F08-2D24-4BC0-A6B1-B4C72D991589}|AppName, ebe1f1cd-d467-40a4-a1cd-5890e1281b53-2.exe-codedownloader.exe, , [fcdeadf496f52f07cb1deb9a91720000]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3FC6CCF1-B764-4DC2-907B-7F5F8976A3CF}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [2ab0653c8ffc5ed83fa9dca90af926da]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3FE567C2-ECFF-49C1-BB9C-B9C8D2CFD453}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [cd0dd9c8018ae35341a7a9dcf21154ac]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{425E303A-D8D5-4512-B0F4-A631D07FBC95}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [b327079ad8b36fc7df08dea73dc6de22]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42CE7DFD-EDBB-45D8-ABF8-9B445EA23533}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [47934e53800b59dd20c793f220e38878]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4481828C-80BD-44D1-861F-C11BD28F72CF}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [f3e72b76e0abd5614b9de79e2dd6f40c]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{448A3CB4-8AF7-40A2-B33F-112250C884CC}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-buttonutil.exe, , [5f7b8a1754370c2a44a34c3925dea25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{46B57809-E47F-4F34-94D7-49B4EEA3CC61}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [ce0c2978c1ca49ed3ea97e0729da03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4A6978B9-3BCE-43C6-A9A5-46BB73A8854C}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [19c1564bf398ef47dc0c3b4ae41fda26]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4ADDF608-7152-42C7-9A87-13E459E85989}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [1bbfc2df72190f276385127334cff40c]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{525DA31F-91A1-442B-B0AA-4CB1375C3A5B}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [1ebc237ee2a9ff37c424aadbe12232ce]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56D18D73-D5C0-4A2B-875D-C260F6D2B3FE}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [419919884e3d3ef85296077e6b98a759]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{58BEF6F7-1794-4DD4-9A69-BF39EF86771B}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [6971762b14770a2ce800275e35ce619f]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{593C7E07-72C7-407F-928C-7E8CE11EC571}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [0dcd7a27bad191a57f68b7ce679c37c9]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BAABB59-2F5A-4E8C-84D7-EDA56F6F28F5}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [34a6158c5833d561eefa8cf9fb088080]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BC088F6-5DCE-44D3-93CB-2360BE726489}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [5684aff2c1ca2313eef9394c6a99ce32]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BFE8C6B-DFB2-4112-BD9B-9B50A4F2B0B8}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [8d4d5a476e1d8aac7276d9ac56adba46]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{666BEE14-C89E-4CAF-9776-F2C42CA76543}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [6971e4bd5635a6909a4dc0c556ad7b85]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{679C45B8-ECDA-4566-B159-6ED7A74B2EA7}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [3d9d049dbad17bbb8a5ed0b5679c0ef2]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{699D441D-8B14-45A0-A897-7F96A77FC6E7}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [59816b368b00c17508e08df80ff44bb5]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DAA5B97-1DA5-4FEB-9B9B-621E4D80C6CF}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [17c3b2ef95f6a49280674b3aa85bd32d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7191A0AA-9134-4A53-AFB1-65D76528C81C}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [e1f99d04c0cbac8a18cf7a0b7f84e21e]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73F3A9AC-1D01-467B-9B75-49974648595F}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [0fcb742d22692d091acde5a0847f0cf4]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77352CAF-7B53-4ECE-896E-C94C30462E1A}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [c6148f12f299f3437375364f010250b0]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77A8B51C-941D-4870-A2BD-61FC681DFDB9}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [16c43d641a71bc7a8d5bb0d58d76837d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7B13E9E9-D903-44E3-9594-60D5F948F9C1}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [3b9f831e7615c67046a10580e71ca55b]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7B3EE7C2-17B5-480D-A8F4-17B131CA55AE}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [13c748591e6d0f2782657e0738cb718f]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BF47FF5-211B-4FAB-A118-2BAD15268F2C}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [4b8f8e13b1dafd3904e46c196d9636ca]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BFBCEE9-3E6B-4820-AFB8-3531B676C98A}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [24b66140fa9164d2499f9ce9b54e9c64]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D0E0C6D-552E-4D76-A6AE-9D5E20264EFE}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [9c3eeeb357341f1746a2cbba29da4bb5]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8376a995-d083-41ce-9bf1-5f49090c7c03}|AppName, Plus-HD-V1.1-codedownloader.exe, , [efebc4dd414aa78f53952560000337c9]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AAE9491-B51F-4293-8C37-B1222449AC8E}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [2dad1d84216aaf875a8ec8bd63a07789]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5CBAD7-1FDA-4312-B47A-3A2F5EBC3CEB}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [c812bee3a8e3b383cc1c760f8a7913ed]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8EDB0BFA-3622-4112-82D2-8BB61A3CAB61}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [32a8b4ed8efdc96dac3b05803dc6916f]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{902C0052-3791-4775-8372-71EA20CE5F72}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [d4069011414a96a07870770eff044bb5]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91D821A5-5AE6-43F5-952B-FBE470F399D3}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [6179d2cfa5e676c034b3f49144bfdb25]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9257C3C1-711E-4BB7-8777-D78D63FC3176}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [8e4c297828631c1a96522065ea19c53b]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{925D5161-E710-4084-9C80-164CD0B9FE96}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [8951cdd419723006e1077c09ca3948b8]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9515A320-2B00-473D-B398-F67B182B3FC9}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [8f4bced3c2c9fc3a36b2ef962ad90bf5]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CACCF5A-F1AD-44A6-B2C1-4FB64B6388FB}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [8555bae7e7a4251112d55134be45d030]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9d6c776e-e1e9-4511-ada8-a41767d0e922}|AppName, video MediaPlayer-bg.exe, , [dbff1c85e7a4a88e4e98c5c0a261ef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F478F92-2076-4B81-8216-475E3D45C380}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [eded2d743e4d58de5791364fe0237f81]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18E81D0-1285-432D-9982-4BE61479E9D8}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [23b7940d1f6cda5cf4f3afd6f80b4cb4]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A2F2CA97-9CA0-4458-98E6-3254ED58E3C4}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [14c6138e513a9c9a8563384d5ca7c43c]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B26A7642-8034-45D3-936F-EE7529946BBE}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [706a40614f3c73c333b5850015eebf41]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B61CDADA-BF17-46B2-8947-D7FA24A09DE2}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [c01a307155361a1c86611b6aea1927d9]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B67EF26F-9DD2-4D91-9166-F35D173A2A39}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [fcdee9b8543796a033b5afd663a007f9]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA166A92-CA69-41D5-9D22-90E56ADA524B}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-buttonutil.exe, , [29b1435e068543f39f488afbb94a29d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD3BF342-B30D-4811-856D-A2277852E5B4}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-buttonutil.exe, , [a2384b5692f961d55196d9ac6b98c33d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF375241-3549-481E-A255-508D47C4A4B8}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [bf1bc1e0810a6ec806e121640cf760a0]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF81F2EB-F7D0-4D1F-94CD-A1DA452087BA}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [f0eafea3cfbc082ed4143c4947bcaf51]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C126BFF9-23EF-44E5-AF49-6757FAB93B5F}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [eded2b76642780b6e8ff5530e41f6799]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C12CB5CF-E220-4FFC-ACD3-312F63F1A7FF}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [ab2f8120246791a56780d2b3d330b64a]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3DC5170-C1B6-4C64-82F7-A5DDD3D0377B}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [f7e3960b7a1168ceae3997ee9d66e41c]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5634CFD-65BC-4652-BD1B-C8B13A7B5456}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [ffdb128fd8b3e94d8a5d404512f19b65]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7404F08-DC89-40D1-802B-D26A59B563B8}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [c5158d146a211f17da0d8ff6dc27946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7C7F898-CC8B-4CCE-9EBE-7FD98AB14D75}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [01d9920f9fec54e20addc5c08d7601ff]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9065DE9-CAC7-4CA2-BAC6-67EA2A71BA33}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [19c14958484346f0b830dda808fb827e]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9C42549-B627-475C-B689-CA6BC58A21C0}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [ae2c336e335849edf8f0a4e1fa097888]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB76BCC7-97F8-4E3D-8C19-3C8580E4BD39}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [c317247de4a7ae884f986c193cc7ba46]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC39D390-A794-4D4B-B776-7F7EAB2913F4}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [a436e1c0a7e4330326c2dca9d62da65a]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF8CE724-DE84-441C-A413-27BF18474CE1}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [b02a475a1477b97d67816b1aa26115eb]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D37DFDCC-5948-4237-A2EA-FC2B784975D5}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [a634346d3754b284b730bfc613f0ba46]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5AEB584-4A89-4D0B-BCC8-4F65B73E4431}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [16c44b561972ee48cc1bfe87f50e2cd4]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d62c7611-4acc-4da0-bc65-de94b3837b7f}|AppName, Plus-HD-V1.1-bg.exe, , [97438b16692240f6588e5b2aa75c16ea]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D8310754-6C2D-404E-9AEB-2AA9237B1225}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [7e5cc5dcfe8d6acca542d0b508fb639d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DACB7EF7-16BC-467D-A1BC-D35A46894B80}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [7466b3ee2b60152136b1c1c4c53eb947]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DAD6BEB3-79D7-41DB-9FE5-D7E38479BCE3}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [af2b069bccbf082e9f4997eed82b17e9]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E5E31503-17F4-49B4-A810-9DE4198D1A76}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [6179673a6b2043f3a146770ebb4814ec]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E76314EC-D9FE-4AAE-9FA1-8B741954527E}|AppName, c8470bad-6418-48e6-9c78-c736c9cf9191-2.exe-codedownloader.exe, , [499128791b708aac50984243fa09fa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED447DFC-A35C-40F4-8046-51C87F7D4ABC}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [25b5148d642796a09f486d1832d12ed2]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE30D7DB-A23D-4813-8566-8AFBA7E585C5}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [01d94b56eaa1dd59f6f1f194d72c659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EFBA99FD-788A-4AB5-BC1B-C75C60B9E35D}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [8753326f5635cd699b4cb2d3a95a6e92]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5043379-A5A4-4AEB-8FB2-8263E4EDAA46}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [c317f9a86526fb3b866191f41be8e31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F52B184E-E029-49F0-B92E-E887EA79B7BA}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [4793b0f1d9b2b2846781ed985da62fd1]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F7FF696C-7F42-407C-BBFC-40BC72E1C393}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-codedownloader.exe, , [4892950ced9e87af43a5e89de61de21e]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9E682B0-1DC9-49C6-9DCE-CCB445E4B8D7}|AppName, 29d60d4b-a334-43b8-9595-2ed8fe9244fb-2.exe-codedownloader.exe, , [6872b5ecdbb00e285a8ec9bcf90a15eb]
PUP.Optional.CrossRider, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBC7E9E5-DF22-4C68-BCFD-E2C7C7576CA0}|AppName, ae1bdec7-5297-4fff-8af5-15ea0181919f-2.exe-buttonutil.exe, , [558518897c0f310517d0473e996a8b75]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [2caef1b06427ae886b09a834c83bcd33]

Data registru: 1
PUP.Optional.SimplyTech, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobré: (www.google.com), Špatné: (%appdata%\SimplyTech\home\home.htm),,[ffdb119096f5c76fabf4eb8b05ff11ef]

Složky: 5
PUP.Optional.NewPlayer, C:\Users\roman\AppData\Local\com\NewPlayer.exe_Url_wmgtxqntq5fklrr4bpxvxljadclrhvq0, , [00da4b56cfbcd26468cd6624768c9d63],
PUP.Optional.NewPlayer, C:\Users\roman\AppData\Local\com\NewPlayer.exe_Url_wmgtxqntq5fklrr4bpxvxljadclrhvq0\2.1.1.9, , [00da4b56cfbcd26468cd6624768c9d63],
PUP.Optional.ProtectedSearch, C:\Windows\System32\Tasks\ProtectedSearch, , [f5e5f5acef9c9c9ab1021e6e1be7b947],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b, , [7b5ff3ae94f7a59174656e2fbb4955ab],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content, , [7b5ff3ae94f7a59174656e2fbb4955ab],

Soubory: 6
Trojan.Agent, C:\Program Files\DuckDuckGo for Chrome\DuckDuckGo for Chrome.exe, , [9743f1b05833082efdf83f98c53b23dd],
PUP.Optional.NewPlayer, C:\Users\roman\AppData\Local\com\NewPlayer.exe_Url_wmgtxqntq5fklrr4bpxvxljadclrhvq0\2.1.1.9\user.config, , [00da4b56cfbcd26468cd6624768c9d63],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\install.rdf, , [7b5ff3ae94f7a59174656e2fbb4955ab],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\chrome.manifest, , [7b5ff3ae94f7a59174656e2fbb4955ab],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content\load.js, , [7b5ff3ae94f7a59174656e2fbb4955ab],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content\overlay.xul, , [7b5ff3ae94f7a59174656e2fbb4955ab],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end) # AdwCleaner v5.023 - Logfile created 06/12/2015 at 12:57:43
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : roman - ROMAN-PC
# Running from : C:\Users\roman\Downloads\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\user.js

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Web browsers ] *****

[-] [C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [1172 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x86
Ran by roman (Administrator) on 06/12/2015 at 13:32:05.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 17

Failed to delete: C:\Users\roman\AppData\Local\com (Folder)
Failed to delete: C:\Program Files\iobit\driver booster (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\driver booster 2 (Folder)
Successfully deleted: C:\Users\roman\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\extensions\iobitascsurfingprotection@iobit.com (Folder)
Successfully deleted: C:\Users\roman\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\System32\${logfile} (File)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster Scan (Task)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (roman) (Task)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster Update (Task)
Successfully deleted: C:\Windows\System32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_roman (Task)
Successfully deleted: C:\Users\roman\AppData\Roaming\appdataFr3.bin (File)

Deleted the following from C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\prefs.js
user_pref(extensions.xpiState, {\app-profile\:{\iobitascsurfingprotection@iobit.com\:{\d\:\C:\\\\Users\\\\roman\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profil

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b617b00-279e-42ff-beac-1f7a8f41ca13} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{8b617b00-279e-42ff-beac-1f7a8f41ca13} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/12/2015 at 13:35:34.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Příspěvekod **jerabina** » 06 pro 2015 18:01

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

roman m · Příspěvekod **roman m** » 06 pro 2015 20:38

# AdwCleaner v5.023 - Logfile created 06/12/2015 at 18:35:18
# Updated 30/11/2015 by Xplode
# Database : 2015-12-06.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : roman - ROMAN-PC
# Running from : C:\Users\roman\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C10].txt - [680 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 06/12/2015
Cas skenování: 18:43
Protokol: malwarebytes2.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.06.05
Databáze rootkitu: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: roman

Typ skenu: Sken hrozeb
Výsledek: Dokonceno
Prohledaných objektu: 337626
Uplynulý cas: 15 min, 38 sek

Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíce registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 1
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-152358991-480044871-770115782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Do karantény, [3da03a67bdce191d758f7964f112bf41]

Data registru: 1
PUP.Optional.SimplyTech, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobré: (www.google.com), Špatné: (%appdata%\SimplyTech\home\home.htm),Nahrazeno,[e3fabee3f59650e63205caad7d877b85]

Složky: 4
PUP.Optional.NewPlayer, C:\Users\roman\AppData\Local\com\NewPlayer.exe_Url_wmgtxqntq5fklrr4bpxvxljadclrhvq0, Do karantény, [825bddc45d2e0c2afe9c800a9a68817f],
PUP.Optional.ProtectedSearch, C:\Windows\System32\Tasks\ProtectedSearch, Do karantény, [cf0eced34546c6708a8e870612f021df],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],

Soubory: 6
Trojan.Agent, C:\Program Files\DuckDuckGo for Chrome\DuckDuckGo for Chrome.exe, Do karantény, [3aa361405a31e155ec1c9d3bd62a53ad],
RiskWare.Tool.HCK, C:\$Recycle.Bin\S-1-5-21-152358991-480044871-770115782-1000\$RDLXBT1\Keygen.rar, Do karantény, [11cc4f52b7d460d67ceb3bcc5fa2ec14],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\install.rdf, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\chrome.manifest, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content\load.js, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],
PUP.Optional.Gomita, C:\Program Files\Mozilla Firefox\distribution\bundles\7515b657f8993adb64907010a190347b\content\overlay.xul, Do karantény, [37a6178ae6a56cca00742d71b0543bc5],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : roman [Práva správce]
Started from : C:\Users\roman\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 12/06/2015 19:31:14

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54091;https=127.0.0.1:54091 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54091;https=127.0.0.1:54091 -> Found

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 6 ¤¤¤
[PUP][Složka] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> Found
[PUP][Složka] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
[PUP][Složka] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F} -> Found
[PUP][Složka] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Found
[PUP][Složka] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} -> Found
[PUP][Složka] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} -> Found

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
--- User ---
[MBR] bbc808a52175b07c3f1f26248e7b1c56
[BSP] e3abf37c56215b554f233cd99aa53d57 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5403 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 11067392 | Size: 70888 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **Orcus** » 06 pro 2015 20:52

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

roman m · Příspěvekod **roman m** » 06 pro 2015 23:27

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : roman [Práva správce]
Started from : C:\Users\roman\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 12/06/2015 20:30:58

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nahrazeno (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nahrazeno (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54091;https=127.0.0.1:54091 -> Smazáno
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54091;https=127.0.0.1:54091 -> ERROR [2]

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 6 ¤¤¤
[PUP][Složka] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> Smazáno
[PUP][Soubor] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Smazáno
[PUP][Složka] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Smazáno
[PUP][Složka] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F} -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\instance.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\mia.lib -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.exe -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.msi -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.par -> Smazáno
[PUP][Soubor] C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.res -> Smazáno
[PUP][Složka] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Smazáno
[PUP][Složka] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\instance.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\mia.lib -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.msi -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.par -> Smazáno
[PUP][Soubor] C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.res -> Smazáno
[PUP][Složka] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} -> Odstraněno při restartu [91]
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\instance.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.dat -> Smazáno
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe -> Odstraněno při restartu [5]
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.msi -> Odstraněno při restartu [5]
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.par -> Smazáno
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.res -> Odstraněno při restartu [5]
[PUP][Soubor] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\mia.lib -> Odstraněno při restartu [5]

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FIREFX:Addon] hrpuqyjr.default : Disable Anti-Adblock [{d49a148e-817e-4025-bee3-5d541376de3b}] -> Smazáno
[FIREFX:Addon] hrpuqyjr.default : Avast Online Security [wrc@avast.com] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
--- User ---
[MBR] bbc808a52175b07c3f1f26248e7b1c56
[BSP] e3abf37c56215b554f233cd99aa53d57 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5403 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 11067392 | Size: 70888 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

roman m · Příspěvekod **roman m** » 06 pro 2015 23:27

Zoek.exe v5.0.0.1 Updated 05-December-2015
Tool run by roman on 06/12/2015 at 20:43:15.59.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06/12/2015 20:46:11 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Origin Games deleted successfully
C:\Users\roman\AppData\Roaming\MPC-HC deleted successfully
C:\Users\roman\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\roman\AppData\Local\com deleted successfully
C:\Users\roman\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\roman\AppData\Local\EmieSiteList deleted successfully
C:\Users\roman\AppData\Local\EmieUserList deleted successfully
C:\Users\roman\AppData\Local\pangu deleted successfully
C:\Users\roman\AppData\Local\TomTom deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BBD2E6-EF2C-4650-B74-11127857BEC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1268231D-7EE8-4858-89F7-5C3851EBE7DC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12D1477A-39F0-4348-A028-94A2134FBBEE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15EB56B4-BEF7-4DB7-BDDE-5081D276756} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{170B87D-32D4-4168-A6EB-D665B638A73} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1918866A-1180-4F69-9928-EFF6D1D47566} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{192C61CA-2C6E-44A2-A07A-AF71BC18736} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19D8EEA7-8B75-4306-9F77-378B684ADDF0} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A7D47AD-7E19-4FD1-BD82-35D8F7B07E0} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AADC73F-C6E4-45E3-83FD-8544F8E76C58} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EA66849-6598-4D53-88EF-74177E465} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F07C97-2E12-41F1-8F6D-A278E1B3C35A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F43BB9C-8972-4792-819D-38D8A98B1264} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{215C0C34-D7DD-4BF5-8BDB-4B5AFACBF89B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21A45599-98BD-43EB-81B4-ECAFDA9CC2D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21D5816F-4DA4-40BD-BD16-FE10DE4345} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{229AD328-16D-4B46-954E-81EFDC6A43A9} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{237F75CA-C26E-47D2-8549-CD9B8CF8C04A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23C682F8-D566-47E2-AA4E-9D26DE7FD90} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24B8CA6D-E5C4-4A9B-BE8C-1948CF3394D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24E46262-5C9C-4D82-B038-5725CEF0809} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27DE588-E97F-4F39-A870-704CB1374011} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28C0E62-25DD-47E1-A3C7-3ECDFEBEA4CF} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28C1DC3D-9EEB-4E0B-9A67-E9FEC7A8575B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28EECC0E-D2D7-402D-9980-5767A39F57E3} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B688EC8-49DA-406B-B2FF-F5428AE25AE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E3EC4D7-C364-4705-A02B-14EF2F304B66} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EE7FFDC-411B-478D-B6DA-7BD76FF92592} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{319380C4-8F5-4924-B7EF-1F993EE33524} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323BC50-DD82-4992-BA79-DC6D253B67C4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{327582E6-9084-403A-A11-C74F31EF6935} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{332909F-BBEA-466C-A714-2AB5A13BD8D1} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35F7316B-748-44B8-AA37-864838348978} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36BCB6EA-8339-4D1D-963C-39D9A930D7B5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37C88994-D9F9-462D-BF63-2C1E9CCFEE4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A0AEE8C-A40A-4BF1-9B3A-4E74F31B8915} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BEB7155-7334-4FE8-927F-67583BAAF38} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C694BA0-B17C-435F-B7F-6F10F0915373} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE88B14-F7AC-4F7B-958D-A66A40F4E2F2} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D039540-8AF2-4D51-A6B1-964128617F7F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D70369D-2495-4C03-B731-B4BB862B1D48} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D9E1B3E-A50-4497-81DE-B0481E939F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EAF96CB-83F7-42C6-9EF-0646EAE133E} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{403D087B-4F65-4D49-91CF-961ACAF697B7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4131E8D1-24E-4945-926D-C0B0255FDDA} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4230ED74-1629-4749-9229-1C593831E136} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45916E1D-D8F9-407E-8B12-3622436644} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{469F9EE4-2875-4F59-838E-1D175F1CC140} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{472894A8-3A8E-4F99-B2C7-F54F99B68B8A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4809B8DE-8C1D-4EE5-99D7-D7B0675C315C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{480D912F-8B18-43DE-9E8-CCE8CC9C9B60} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{492006C1-8CA-4F91-9B17-A871ECE64CA} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A3F3C93-7EEA-4A55-85C9-CB95E7F1F870} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A59929E-1A75-40DF-B333-FD989BBB34F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B11B27B-4A51-4C24-B57D-6B9BCDCD714} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B752853-73D7-4C96-BECF-457138226CA1} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F6B8A06-A052-4527-B8DA-F1812C97B24} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F8E8760-D6BC-494C-A13-ED18E2DFC81D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51B2222A-7B53-4FEE-A011-68A2E8F1EB6B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53234988-7E22-409A-8B5-AA4DC18CF42C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{540F0DE3-371E-48FE-86DF-153E20601EF0} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54325260-E594-4E28-A3BE-B39A53359FC4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54804EE9-B123-48D4-BD35-DFD129FF3A4D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56C15E7-7DC8-4A91-BC71-2932E4264FC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57B475B9-186E-4298-AD5B-37B740478526} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{585E4687-590A-44E2-AD17-EB79BE8D7B40} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{588EC773-158D-40C9-A796-7634AF2091E6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59D706F4-E52A-402C-A16-3548D2C6D249} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A2970C3-DC96-4892-A85-695654D75064} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A721C6F-DB3D-441F-A928-C563D79947D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C86F1B0-A9D8-4EFF-A319-BE2BF7FD3BF} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E60FCDF-463-42AA-A064-8B48E7781A10} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F3D4702-180C-4756-B739-A72B0C5537C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{619FB7B-2902-441F-8D88-EB8B87345483} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63D166F3-9B8B-4D74-B0E8-E2F6E4A7739} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63DF3EDD-2FE9-412A-86A3-C6DFE7D46D6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{676C73FC-DE7A-4967-B662-16F3C68EFD20} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69AAD88E-9D53-4C8A-891A-55C9D5CF063} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A6CE5AC-B4AB-41C1-9296-A5D5306A9D60} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B3DCE13-DFA8-4B17-8DCB-EA53B12B55B4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C344636-341F-4665-A792-A81110CCB79F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C66D3AC-5C1D-40FC-B317-254DFBB3FF3B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E47F885-AEBA-4E68-A7B2-6569546E2E1} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E784B48-6A1-4751-914-BA94CE8FEECE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E7D2D38-E263-49E9-903A-7C9C1A2AACC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E87D05D-FD08-4BC6-A08B-F0C5ACF876} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EDA47F6-3973-4504-AC44-907064FC6BC7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F483398-F50E-4CA3-9DAE-9BF738984B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FD0D2B6-98B8-40AE-80B6-727023113} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70C72252-1EC0-4A41-A4E0-A675FBBEEBCC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{711B5073-6F0-4BAE-B841-5411E346EF} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7304F490-ECD6-4F06-988B-E9ABBF55F9E7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74D923E-A536-4581-BC48-E4AF8016BC5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{763FCA3-C4C7-4AAA-822F-D52678797A17} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76EE3FFA-87B7-487F-A34E-157BCA51B631} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77B8A75C-E608-4639-807-16948E16ECDB} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77FC4869-1339-49DA-B3AB-82B6972DBC3} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7883EDF-D5B6-4540-99E5-199AE38673CE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78C6AA8A-8FD6-48E4-8E47-5B3518E1D541} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{797A5436-EBEF-4B49-A271-123A8E98ECE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79B429-3E1-44F5-AC2A-752B199B702A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CA19420-1CE9-4520-B289-7FA96CDBF6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DD4B9A9-3869-4DEC-AFD4-CFC350A6E8A3} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E3DF441-87DD-410E-A3D0-52819A9041A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E8B52F9-7571-4334-916F-68DD8ECA14C9} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8208DC0F-F65A-47FB-A3C2-5E7609CB732} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82D05896-4568-48DC-B8F8-B3E046B5ED6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{830DA977-42E4-43E6-B5A6-1B39BA3B1ED} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83134C37-2252-463A-AD3E-D6DC33FFE2B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84C949DD-A219-48B1-BAD6-1DF544D5213} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86461BE0-B22C-4CE5-90C4-DCC75B55E94} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87456404-A54D-49BA-8CE4-22B5E6634D0} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87778586-1734-425F-BC63-E2227B201ECE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A70E49-3CA2-45FF-89DD-A5532AFD99B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88FD696F-EE29-4416-B01C-8233AAEFC8F9} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B3D58C2-F2BC-4BBE-8E45-3C47996DE8F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C1C7355-19F2-4DD0-96A9-718266428C2} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5EFF0E-ACFF-40A8-8A42-5C4BB7647938} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CBB36BE-4EBA-42E1-994-2FCA1D6D4555} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D393241-C9CA-439F-9970-B6DD4945933} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E7962DC-2B3E-473B-B94A-9F10733DEC95} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FEBE4FA-7D17-4F72-BBE9-CA2BC9592B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9063FC79-3313-4EFC-AF4-763193CFC331} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91279371-8254-49E6-B4F2-7922376384} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{937231A6-B16D-4A50-9B20-2A5CFC19E1C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94279D95-2164-4785-A4CA-7C34716B2D7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9568E85E-5646-4C4A-A7BF-254BE4B9F9D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E3A796-9677-4337-BD4C-AC80C3B338B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9696E686-604A-4CA7-B54-DB6E29EBA4F5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{971166E7-12DD-4078-A91B-8C2B327A10AD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A4594A3-6BE2-4741-B73A-539BA812287} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A85D7EB-46F7-4F63-895-B8FDB556BA69} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AECA2DE-DA54-45FB-8B25-18525D62876} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C0499F8-5243-4433-BEDB-59518EAE956} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CCD51AC-9B72-4669-954D-F48582E5AE2C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DD9B603-8142-432A-A58D-19DBC615638} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E37C4E6-F12E-41FF-A0AD-681A1BB6EF} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F7E16F8-5FE1-4B85-98C5-F06CE3221C6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FFD5A2-9520-488C-8FD2-BC88B374207A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A39833BD-868F-4D62-8F0-6713DEC4CAE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3F5D168-C02C-4E06-9B31-2CAC9D7B4B55} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A66470E9-2AAB-464B-B841-CB1F3C2F6D5A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6AB59-4851-4782-8277-FC62B8981AB3} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A71BCAF4-86BE-4391-BEC-EF815D247926} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A72C0686-5C21-417A-BD12-96D3836C403} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A732FB16-F26E-4DE0-B58D-3785C84E76E4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A75BF9C-DC6B-4617-8D75-96A48EC794D2} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8109C14-58E-47A5-B72E-CD2AEB72B570} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A93F4462-F275-4DA4-BBA0-7E92A85E6555} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9EC68B7-7EE-4BF0-B5BD-FA61FA3C649} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD408C7-41FD-4D5B-95C6-7491694BA788} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC4DDAE5-BDF-467E-B021-DB6DA0B2BCE4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF432D86-ECB6-424A-8A16-A41F8F8E8B4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF479065-92E4-4DE0-B9B1-E5EE1EBF96E} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF9E783E-8C3F-44F4-AC22-F89BF79EE0E3} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1E44887-7F04-481C-9C1A-8816E2958351} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B31D613F-CE5E-4CDA-ABB5-41174C1718D1} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B34B5DE4-515D-40CA-A49C-7A1E1A5DD79} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B39ADA95-5AF0-4398-84EB-D8F658FB2E60} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B72CEDB0-947C-4A16-9739-3D8BEC4B1A7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7D388ED-D79B-448E-86AE-8BB814D422AA} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9C694E7-4A95-4EF1-BB4F-1860641D813} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA6163B3-778-4BA5-B8E5-5540ED1EE0AD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB4432CA-70BF-4C96-9540-BD4E87611519} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C00AE209-2855-484D-8123-E18A5E29AE94} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0853365-EC8C-4324-841-98A84CBBCE5B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2FA615C-6CE6-4B61-96D4-69AF7C17250} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C38EC1A9-9F3F-4E47-9C0-F932A2304F43} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3F01096-E79-4780-A7F4-7EBC1192FD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C77C0BEB-A81B-457B-90CC-2DEC8D23614} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8AC147-5D89-4ACC-B99D-BDE94139DABE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9C3A76C-72E8-4CF8-9852-688EB9A0E23} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA154B4-40BA-43CE-8489-3ADCF191F7C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBB807D1-9B0E-4CE2-85D0-C51445D1C347} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBFE3D6B-A82B-4A56-8A28-30C614FEA6C7} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC6D8134-D46F-4A90-85ED-DE52245E7C12} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDA7F82F-AE67-4456-972-75FFD771BDF6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF026553-49E1-4FA7-B9E1-6E8F82DC236} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D07A0A03-C2E3-41D3-AEA8-05F70CC4B2D} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D15034F3-217D-4E7B-BB13-2E143FFFC75C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1635C85-F165-449C-81C6-7BB4617688A6} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1C3BDDD-6FB8-4875-8AF3-E188DE5C1FC} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2C852B7-F6C2-4CFA-87F1-495EAB0DD61} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D428B690-495E-4DE0-BF26-225C7B229DD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D51C4DAD-F3AA-4FE5-8632-CDC1C5C9FD8} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6445386-91CB-4238-BD9C-13A32290DD87} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D686CC81-C19A-47FF-BD13-4C5AD0B3F0CD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D751B924-CDF4-4A4B-AC65-0B47378DE0} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D83A556A-AE8-4169-A916-21FC607D29F2} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92081B6-6765-44AD-B957-22DAA68BB3F} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB74D6C4-72C-4E4D-B77B-451CAB258D30} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCFCC7AC-57A-4835-89CE-FB2BAC92384B} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3593C63-769B-4EDF-8799-034036A292} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3DCFAB-A255-4414-AC2C-C12EE37A7396} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3F06B4C-1D58-4877-A1A1-0216ACA3ED9} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40690CF-BCA-4541-8DF4-EEB08D799476} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E59A865A-44A1-42FB-958D-DFBFE5D7AF5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5AD8612-A0E2-4230-AEBF-665C401D2D4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E79EAD32-2C3F-4E7A-8FD7-ABCC7446C544} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E834A802-6FE9-481C-9E5B-F4C96E81B24} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E974571A-A79C-4BEA-9F8F-69DE6C47B435} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAA5C253-BECD-4496-92FD-F492291FC7E} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB0825C6-7A-46ED-92DB-19F537667FC1} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB980972-7D6A-4E2E-9B74-4153BD476AE} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EBFF167-266D-43F0-BD6E-B16C44F3437A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECAE7E91-241-4E2D-A713-6F121D593080} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDAC9BD1-4242-40A1-923D-F993424A6A9} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF42D07B-B797-4175-95B6-3D51CA7E20A4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFD11786-41DB-4465-B29-46776D25C977} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0EBEEFB-5FA8-4A4B-B481-D63A0CE59FD} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1705ABE-F01A-4B21-A21A-2F79F8E31464} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3746CBA-6D54-4217-8E13-62F462D18BB8} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5DACB7C-41BE-4036-B5CA-EB61A5D4F170} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F66E47AA-E31A-419F-BD81-7D903F578494} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F74AD8E1-CFE6-40E6-ACBD-9B401DEE41EF} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F83FE4BB-C0D9-43BC-8A70-DE335C8B22E4} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA8B6626-51FF-4DC9-B267-6EA057B26836} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB266092-C8D1-4369-BCCF-D726ABDC64A} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC4DAF3E-3F0C-49E8-957E-D734519544F5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDE68366-3BD3-462A-BE13-A2A0CD191D7C} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE77B58D-1ED9-43F9-994C-C15AEF3CDD5} deleted successfully
HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE8CCA8-FC60-4152-9D8F-1E723F0C63E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\prefs.js:

Added to C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Origin Games not found
C:\Program Files\DuckDuckGo for Chrome deleted
C:\Program Files\Handy maps deleted
C:\Program Files\TransferBigFilescom Gmail Extension deleted
C:\Users\roman\AppData\LocalLow\{2299757C-FF2E-F6E1-D8D0-61D3157EA344} deleted
C:\Users\roman\AppData\Roaming\ProductData deleted
C:\PROGRA~2\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/10/2015 11:12]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default
2EB30FA328771AEF1DB534D29B5645C1 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AC7A02A828C74F55AF678033495280AA - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
F40E8C944675BF87E605E8E02FA76EDA - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
F114FBA6246530B89DD1E04351E0EAC5 - C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\roman\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\roman\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/09/2015 09:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12/10/2015 08:31]

AdBlock - roman\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj

==== Chromium Startpages ======================

C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://gosearch.me/?u=7515b657f8993adb64907010a190347b&c=up1&src=hp&inst=1433273861" ],
"homepage": "https://www.google.com/?trackid=sp-006",
"startup_urls": [ "https://www.google.com/?trackid=sp-006" ],

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://uk.yahoo.com/?fr=hp-avast&type=agc511"
"Search Page"="https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}"
"Search Bar"="https://uk.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}"
"Search Bar"="https://uk.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9CB96984-43C3-4D44-90EF-01466EFCF7BB}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\roman\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\roman\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\roman\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YourFile DownloaderInstaller Starter deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\roman\AppData\Local\Mozilla\Firefox\Profiles\hrpuqyjr.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\roman\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\roman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=22 76150300 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\roman\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\roman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 06/12/2015 at 21:38:03.56 ======================

roman m · Příspěvekod **roman m** » 06 pro 2015 23:28

ComboFix 15-12-07.01 - roman 06/12/2015 21:56:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2135 [GMT 0:00]
Running from: c:\users\roman\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Files Created from 2015-11-06 to 2015-12-06 )))))))))))))))))))))))))))))))
.
.
2040-02-01 21:48 . 2040-02-01 21:48 2892 ----a-w- c:\windows\system32\audcon.sys
2040-02-01 21:48 . 2040-02-01 21:48 -------- d-----w- c:\programdata\Syncrosoft
2040-02-01 21:47 . 2040-02-01 21:47 -------- d-----w- c:\program files\Syncrosoft
2040-02-01 21:47 . 2011-12-14 19:21 86016 ----a-w- c:\windows\system32\SYNSOPOS.exe
2040-02-01 21:46 . 2012-12-07 15:48 1277952 ----a-w- c:\windows\system32\SYNSOACC.dll
2040-02-01 21:46 . 2040-02-01 21:48 -------- d-----w- c:\programdata\eLicenser
2040-02-01 21:46 . 2040-02-01 21:47 -------- d-----w- c:\program files\eLicenser
2015-12-06 21:38 . 2015-12-06 21:38 -------- d-----w- c:\users\roman\AppData\Roaming\ProductData
2015-12-06 21:35 . 2015-12-06 20:42 24064 ----a-w- c:\windows\zoek-delete.exe
2015-12-06 21:35 . 2015-12-06 22:12 -------- d-----w- c:\users\roman\AppData\Local\Temp
2015-12-06 21:34 . 2015-12-06 21:34 -------- d-----w- c:\programdata\ProductData
2015-12-06 20:42 . 2015-12-06 21:36 -------- d-----w- C:\zoek_backup
2015-12-06 19:12 . 2015-12-06 20:11 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-06 19:12 . 2015-12-06 19:37 -------- d-----w- c:\programdata\RogueKiller
2015-12-05 09:27 . 2015-12-05 09:27 -------- d-----w- c:\program files\Common Files\AV
2015-12-04 12:29 . 2015-10-29 09:46 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF661FAE-E680-498F-9511-15F2588BC2D6}\mpengine.dll
2015-11-27 18:25 . 2015-11-27 18:25 -------- d-----w- c:\users\roman\AppData\Local\Apple
2015-11-27 12:28 . 2015-11-27 12:28 -------- d-----w- c:\users\roman\AppData\Local\Adobe
2015-11-26 20:26 . 2015-12-06 18:43 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-26 20:26 . 2015-11-26 20:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-11-26 20:26 . 2015-10-05 09:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-26 20:26 . 2015-10-05 09:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-26 20:26 . 2015-10-05 09:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-26 19:57 . 2015-11-26 19:57 -------- d-----w- c:\programdata\Malwarebytes
2015-11-23 00:09 . 2015-11-23 00:09 -------- d-----w- c:\program files\MSECache
2015-11-12 18:18 . 2015-11-03 17:46 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-12 18:18 . 2014-12-11 17:47 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-11-12 18:18 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\system32\mstscax.dll
2015-11-12 18:18 . 2015-07-16 19:12 856064 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-11-12 18:18 . 2015-07-16 19:12 53248 ----a-w- c:\windows\system32\tsgqec.dll
2015-11-12 18:18 . 2015-07-16 15:14 355840 ----a-w- c:\windows\system32\wksprt.exe
2015-11-12 12:15 . 2015-11-12 12:15 -------- d-----w- C:\$WINDOWS.~BT
2015-11-12 12:12 . 2015-11-12 12:12 -------- d-----w- C:\$Windows.~WS
2015-11-11 21:29 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-11-11 21:29 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-11-11 21:29 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-11-11 21:29 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-11-11 21:29 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-11-11 21:29 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2015-11-11 21:29 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2015-11-11 18:33 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 18:33 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 18:33 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 18:33 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 18:30 . 2015-09-23 13:09 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-11-11 18:10 . 2015-11-11 18:10 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-11-11 18:10 . 2015-11-11 18:10 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-11-11 18:10 . 2015-11-11 18:10 35840 ----a-w- c:\windows\system32\wups2.dll
2015-11-11 18:10 . 2015-11-11 18:10 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-11-11 18:10 . 2015-11-11 18:10 30208 ----a-w- c:\windows\system32\wups.dll
2015-11-11 18:10 . 2015-11-11 18:10 2061824 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-11 18:10 . 2015-11-11 18:10 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-11 18:10 . 2015-11-11 18:10 136192 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-11 18:10 . 2015-11-11 18:10 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-11 18:10 . 2015-11-11 18:10 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-11 18:10 . 2015-11-11 18:10 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-11-11 18:08 . 2015-11-11 18:08 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-11-11 18:08 . 2015-11-11 18:08 15872 ----a-w- c:\windows\system32\icaapi.dll
2015-11-08 15:39 . 2015-11-08 15:39 -------- d-----w- c:\program files\iPod
2015-11-08 15:39 . 2015-11-08 15:41 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-19 20:59 . 2014-04-30 00:14 796872 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 20:59 . 2014-04-30 00:14 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-06 23:13 . 2014-04-29 14:54 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-11-06 23:13 . 2014-04-29 14:54 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-10-29 17:49 . 2015-11-11 18:33 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 18:33 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 18:33 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 18:33 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 18:33 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-13 01:29 . 2015-10-13 01:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-12 11:12 . 2014-04-29 14:54 115640 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-12 11:12 . 2014-04-29 14:54 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-12 11:12 . 2014-04-29 14:54 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-12 11:12 . 2014-04-29 14:54 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-12 11:12 . 2014-04-29 14:54 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-12 11:12 . 2014-04-29 14:54 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-12 11:12 . 2015-10-12 11:12 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-12 11:12 . 2015-10-12 11:12 43112 ----a-w- c:\windows\avastSS.scr
2015-10-12 11:12 . 2015-09-08 09:36 107984 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-10-01 17:50 . 2015-10-13 19:16 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50 . 2015-10-13 19:16 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50 . 2015-10-13 19:16 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50 . 2015-10-13 19:16 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-13 19:16 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53 . 2015-10-13 19:16 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 17:47 . 2015-10-15 11:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44 . 2015-10-15 11:47 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44 . 2015-10-15 11:47 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44 . 2015-10-15 11:47 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44 . 2015-10-15 11:47 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44 . 2015-10-15 11:47 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35 . 2015-10-15 11:47 999936 ----a-w- c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-20 12:58 223432 ----a-w- c:\users\roman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-20 12:58 223432 ----a-w- c:\users\roman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-20 12:58 223432 ----a-w- c:\users\roman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-12 11:12 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"uTorrent"="c:\users\roman\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-06 2026520]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\tray.exe" [2015-04-08 1010008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6133520]
"M-Audio Panel Launcher"="c:\progra~1\M-Audio\M-Track\MAPanel.exe" [2013-04-24 1190096]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 157456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk]
path=c:\users\roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-10-28 18:49 1067736 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-13 00:05 1163072 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2015-08-24 15:27 3632112 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5520 series (NET)]
2012-10-17 11:05 1837672 ----a-w- c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-10-16 03:47 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-30 12:15 53288576 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-12-06 13:07 2026520 ----a-w- c:\users\roman\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-11-10 2934048]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-08-24 2007048]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-03-14 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2015-03-14 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-30 20256]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-11-06 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-11-06 435464]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-24 242240]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-12-22 23840]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2015-03-21 212992]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-10-12 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-10-12 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-10-12 115640]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files\Garmin\Device Interaction Service\GarminService.exe [2015-04-08 708616]
S2 MTrackAudioDevMon;M-Track Audio Device Monitor;c:\program files\M-Audio\M-Track\AudioDevMon.exe [2013-04-24 546816]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-10-12 220752]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-12-22 77824]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-10-12 3219136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MTRACK;Service for M-Audio M-Track;c:\windows\system32\DRIVERS\MAudioMTrack.sys [2013-04-24 446720]
S3 netr28u;RT2870 USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2015-03-21 1321568]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 22:56 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30 20:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\roman\AppData\Roaming\Mozilla\Firefox\Profiles\hrpuqyjr.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Driver Booster_is1 - c:\program files\IObit\Driver Booster\unins000.exe
AddRemove-Native Instruments Massive - c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe
AddRemove-{50755d67-ae60-4e47-b3d6-ce44d01b5a95} - c:\programdata\Package Cache\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}\GarminExpressInstaller.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\M-Audio\M-Track\MAPanel.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-12-06 22:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2015-12-06 22:17
.
Pre-Run: 9,525,047,296 bytes free
Post-Run: 9,278,152,704 bytes free
.
- - End Of File - - 1F85A0A1530D54D64406A8A8746DE2CF
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 07 pro 2015 09:18

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaChache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Folder::
c:\program files\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-152358991-480044871-770115782-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online