prosim o kontrolu logu Vyřešeno

[bill.da]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:36:18, on 28.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
když zapnu internet tak mam domovskou stranku seznam ale před ni me tam naskoci nejaky vyhledavac OMNIBOXES v programech na odinstalovani ho mam ale nejde odinstalovat

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\top\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe
C:\Users\top\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hppp&ts= ... 0063300633
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hppp&ts= ... 0063300633
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\top\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Cyti Web - Unknown owner - C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
O23 - Service: Util Cyti Web - Unknown owner - C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8616 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[bill.da]

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 12:24:09
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : top - TOP-PC
# Running from : C:\Users\top\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

Service Found : WindowsMangerProtect
Service Found : IHProtect Service
Service Found : iSafeKrnlMon
Service Found : Update Cyti Web
Service Found : Util Cyti Web
Service Found : {1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64
Service Found : {bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\drivers\{1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64.sys
File Found : C:\Windows\System32\drivers\{bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64.sys
File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Cyti Web
Folder Found : C:\Program Files (x86)\Cyti Web
Folder Found : C:\Program Files (x86)\XTab
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\top\AppData\LocalLow\Conduit

***** [ Scheduled tasks ] *****

Task Found : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\simplytech
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\simplytech
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Cyti Web
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Cyti Web
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Cyti Web
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}
*************************

AdwCleaner[R0].txt - [4245 bytes] - [28/02/2015 12:24:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4304 bytes] ##########

[bill.da]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.2.2015
Scan Time: 12:36:25
Logfile: anti-malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.28.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: top

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334338
Time Elapsed: 9 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 9
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1720, , [d2003de6d6b4d4625c7443238d7326da]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 2292, , [ece6fb2879111323856575979a6808f8]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, 2540, , [22b0eb389bef5ed85b5f0102e91924dc]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, 2648, , [2ba7bf648ffb47ef01b9c73c79898b75]
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe, 2924, , [8d45a77c69215bdb841e1e1aeb1a5da3]
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe, 3188, , [02d033f02e5c6fc7dbc8f84042c37090]
PUP.Optional.CytiWeb, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe, 5892, , [567cbe653f4b1f17772dd464df2656aa]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 3396, , [b51d3ae9701a74c26a7ff4b036cdca36]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, 4304, , [b51d3ae9701a74c26a7ff4b036cdca36]

Modules: 9
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b.dll, , [62700f14bbcf0d29d885deb4ae554cb4],

Registry Keys: 34
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [d2003de6d6b4d4625c7443238d7326da],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [ece6fb2879111323856575979a6808f8],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Cyti Web, , [22b0eb389bef5ed85b5f0102e91924dc],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, , [2ba7bf648ffb47ef01b9c73c79898b75],
PUP.Optional.Girafarri, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64, , [5e747da6a7e3171fed1878ad4fb33fc1],
PUP.Optional.Girafarri, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64, , [e7ebbd66bbcf59dd2ed74fd6788a03fd],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6171a083632765d113b5e92e6a999e62],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6171a083632765d113b5e92e6a999e62],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6171a083632765d113b5e92e6a999e62],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6171a083632765d113b5e92e6a999e62],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [5c76d251a5e59c9aeacd25e5976edd23],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\Cyti Web, , [2ca651d25b2fa096ff78bfe82bd80af6],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [f4decd566b1fa393cf193c68a45f8f71],
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\omniboxesSoftware, , [884a70b3b7d395a1abe4c9d318eb2cd4],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [f6dc28fb9af047efc12c968862a3cb35],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [765c77ac672390a6cdea7b8fc63fff01],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [80529291c4c6d16521679409669d9a66],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [854de0434a405bdb2e59c8d5a75c53ad],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [3d95f72ce1a942f4cc6858557a89eb15],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [874b0b183d4dab8b82035a4346bd34cc],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [21b177ac6e1cad89e9c0c9f1fe052bd5],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [89499291464455e1de06cee1e3205ea2],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [844edd46dcae8caabea3adfcf40f7c84],
PUP.Optional.Qone8, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [c60ce0430783ca6c575fff0b0bfa857b],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [a32fe63d5436092d7b0b9eff22e1d42c],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\omniboxes uninstall, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],

Registry Values: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, obw, , [21b177ac6e1cad89e9c0c9f1fe052bd5]

Registry Data: 8
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),,[577b93909befc27416ac0fc62cd960a0]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[9f3366bd404a4ceafab3a3300bfa8e72]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}),,[27ab1d061476f4428939fbda13f2f60a]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),,[00d2e63d107a5dd9329004d17f86a25e]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),,[bd15fa29008abf77d5ed35a06a9bb64a]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}),,[a62c0a19296194a2c9f94a8b8580fc04]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[fed463c0880282b487266a699b6a8a76]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}),,[825060c32b5fa29483935b6c21e4847c]

Folders: 38
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [ede58a99385295a1807cb6c18380ca36],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [ede58a99385295a1807cb6c18380ca36],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\TEMP, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [fcd6f92a692144f25340a4f00cf77090],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [fcd6f92a692144f25340a4f00cf77090],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],

Files: 134
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [d2003de6d6b4d4625c7443238d7326da],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [ece6fb2879111323856575979a6808f8],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, , [22b0eb389bef5ed85b5f0102e91924dc],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, , [2ba7bf648ffb47ef01b9c73c79898b75],
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe, , [8d45a77c69215bdb841e1e1aeb1a5da3],
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe, , [02d033f02e5c6fc7dbc8f84042c37090],
PUP.Optional.CytiWeb, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe, , [567cbe653f4b1f17772dd464df2656aa],
PUP.Optional.Girafarri, C:\Windows\System32\drivers\{1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64.sys, , [5e747da6a7e3171fed1878ad4fb33fc1],
PUP.Optional.Girafarri, C:\Windows\System32\drivers\{bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64.sys, , [e7ebbd66bbcf59dd2ed74fd6788a03fd],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, , [6171a083632765d113b5e92e6a999e62],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [b51d3ae9701a74c26a7ff4b036cdca36],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [ede58a99385295a1807cb6c18380ca36],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\ihoainikahpmookibeibjhpginclnain.crx, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.InstallState, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\BrowserAdapter.7z, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d6064.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60be70ecfbab93.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60be70ecfbab9364.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\7za.exe, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b64.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee64.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowseG.zip, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\eula.txt, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\sqlite3.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.InstallState, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.BrowserAdapter.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.CompatibilityChecker.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.ExpExt.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.FFUpdate.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.GCUpdate.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.PurBrowseG.dll, , [62700f14bbcf0d29d885deb4ae554cb4],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [fcd6f92a692144f25340a4f00cf77090],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\469.json, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\MessageBox.xml, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\uninstallDlg2.xml, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\UninstallManager.exe, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bg.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bg1.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bk_shadow.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\button.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\button1.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checkbox.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checkbox_select.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checked.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\close.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\loading_bg.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\loading_light.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\min.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\scrollbar.bmp, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\Thumbs.db, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\unchecked.png, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code1.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code2.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code3.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code4.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code5.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code6.jpg, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\Thumbs.db, , [d8fa3ee5bcce37ff7ed0e9b007fc9070],

Physical Sectors: 0
(No malicious items detected)


(end)

[Orcus]

Znovu spusť MbAM a dej Skenovat nyní
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

===

[bill.da]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28.2.2015
Čas skenování: 15:46:01
Protokol: PC HELP.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.02.28.03
Databáze rootkitů: v2015.02.25.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: top

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 334533
Uplynulý čas: 9 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 9
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1676, Smazat při restartu, [c50eac7777132e08f7d94323966a7f81]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 2328, Smazat při restartu, [a52e8a99dbafef47d01d13f9dc2650b0]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, 2568, Smazat při restartu, [a82b2300afdb0c2a5766f310e31f718f]
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, 2796, Smazat při restartu, [2da6869d6228eb4b6954be45a2600ff1]
PUP.Optional.CytiWeb, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe, 5076, Smazat při restartu, [bb18968dc5c5bd79736cb385a0654db3]
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe, 4704, Smazat při restartu, [973c44df305a8aac9f3fcc6ca46139c7]
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe, 3436, Smazat při restartu, [5d7681a2eb9f91a5736acc6cc5408779]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 2748, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, 3316, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c]

Moduly: 9
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b.dll, Smazat při restartu, [f6ddf52e8a00ae8892fca0f20201ea16],

Klíče registru: 34
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Do karantény, [c50eac7777132e08f7d94323966a7f81],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Do karantény, [a52e8a99dbafef47d01d13f9dc2650b0],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Cyti Web, Do karantény, [a82b2300afdb0c2a5766f310e31f718f],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Do karantény, [2da6869d6228eb4b6954be45a2600ff1],
PUP.Optional.Girafarri, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64, Do karantény, [9e35dd46197196a051b7f72e986a37c9],
PUP.Optional.Girafarri, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64, Do karantény, [6d66d2514743999d36d26abbd72b2ed2],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Do karantény, [0ec527fc8802fb3b7b7ef91e748f44bc],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Do karantény, [0ec527fc8802fb3b7b7ef91e748f44bc],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Do karantény, [0ec527fc8802fb3b7b7ef91e748f44bc],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Do karantény, [0ec527fc8802fb3b7b7ef91e748f44bc],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Do karantény, [567d5ac92e5c75c1a052ff0bf60f0df3],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\Cyti Web, Do karantény, [b3201c077812c571387afcab768db54b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Do karantény, [528142e1b7d3270f42e1bce9867dcc34],
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\omniboxesSoftware, Do karantény, [71628d965d2de155ba10950708fbea16],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Do karantény, [ebe8f62da2e883b3cf598897ce37d828],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Do karantény, [22b16fb4f89284b227cb38d215f0758b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Do karantény, [ac2733f0cebc1026a221128b57ac669a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Do karantény, [d1027ba88ffb8da9883a8f0e798abb45],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Do karantény, [ba1950d3ec9e52e4551a7835956ec23e],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Do karantény, [ddf6fc2716746dc9dee298058b782fd1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Do karantény, [825102211b6f77bf44a0d7e3ac5723dd],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Do karantény, [61728e95286284b2eb34ae02986b1ce4],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Do karantény, [bf14c85b6f1bb97d1b81fbae847f6c94],
PUP.Optional.Qone8, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Do karantény, [c50e978c0c7e05310be6fe0ce71e58a8],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Do karantény, [6f64ed366822fe384d74d6c7f1125ba5],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\omniboxes uninstall, Do karantény, [2fa4a47f64269e9868177326729121df],

Hodnoty registru: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, obw, Do karantény, [825102211b6f77bf44a0d7e3ac5723dd]

Data registru: 8
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Dobré: (www.google.com), Špatné: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),Nahrazeno,[0dc6fd26eaa0e452ed1109ccf90cc739]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Nahrazeno,[587bda49098181b518d1ab28b253cd33]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}),Nahrazeno,[63705cc76723f93d5ba3ece9b74e13ed]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Dobré: (www.google.com), Špatné: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),Nahrazeno,[1fb4150e2b5f3ff743bb5c7981843dc3]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hppp&ts= ... 0063300633, Dobré: (www.google.com), Špatné: (http://www.omniboxes.com/?type=hppp&ts= ... 0063300633),Nahrazeno,[a82b9291fa903bfb9668e0f549bccf31]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://www.omniboxes.com/web/?type=ds&t ... 3300633&q={searchTerms}),Nahrazeno,[597af62da2e895a129d56f668e77af51]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Nahrazeno,[b71cc55e3a502b0b78712aa928dd827e]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2748151026-3510737685-103085729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://www.mystartsearch.com/web/?type= ... 3300633&q={searchTerms}),Nahrazeno,[f3e092911f6b9b9b8cc60dbad035b54b]

Složky: 38
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Smazat při restartu, [666d121125654ee879b4c7b1649fbc44],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Do karantény, [666d121125654ee879b4c7b1649fbc44],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web, Smazat při restartu, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin, Smazat při restartu, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\TEMP, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Do karantény, [f8db9390593148eef1d33361da29b44c],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Do karantény, [f8db9390593148eef1d33361da29b44c],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code, Do karantény, [2fa4a47f64269e9868177326729121df],

Soubory: 134
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Smazat při restartu, [c50eac7777132e08f7d94323966a7f81],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Smazat při restartu, [a52e8a99dbafef47d01d13f9dc2650b0],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe, Smazat při restartu, [a82b2300afdb0c2a5766f310e31f718f],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe, Smazat při restartu, [2da6869d6228eb4b6954be45a2600ff1],
PUP.Optional.CytiWeb, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe, Smazat při restartu, [bb18968dc5c5bd79736cb385a0654db3],
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe, Smazat při restartu, [973c44df305a8aac9f3fcc6ca46139c7],
PUP.Optional.Girafarri, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe, Smazat při restartu, [5d7681a2eb9f91a5736acc6cc5408779],
PUP.Optional.Girafarri, C:\Windows\System32\drivers\{1a7531da-31ad-48c5-8d60-be70ecfbab93}Gw64.sys, Do karantény, [9e35dd46197196a051b7f72e986a37c9],
PUP.Optional.Girafarri, C:\Windows\System32\drivers\{bab3007b-75f3-4020-8eee-4c923fdcb91b}Gw64.sys, Do karantény, [6d66d2514743999d36d26abbd72b2ed2],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, Do karantény, [0ec527fc8802fb3b7b7ef91e748f44bc],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Smazat při restartu, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Do karantény, [ae25ec37a3e7cf67bc68772ee71cf40c],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Do karantény, [666d121125654ee879b4c7b1649fbc44],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\ihoainikahpmookibeibjhpginclnain.crx, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\updateCytiWeb.InstallState, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d6064.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60be70ecfbab93.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\1a7531da31ad48c58d60be70ecfbab9364.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\7za.exe, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b.dll, Smazat při restartu, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee4c923fdcb91b64.dll, Smazat při restartu, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\bab3007b75f340208eee64.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\BrowserAdapter.7z, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowseG.zip, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\eula.txt, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\sqlite3.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.InstallState, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.BrowserAdapter.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.CompatibilityChecker.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.ExpExt.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.FFUpdate.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.GCUpdate.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.CytiWeb.A, C:\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.PurBrowseG.dll, Do karantény, [f6ddf52e8a00ae8892fca0f20201ea16],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Do karantény, [f8db9390593148eef1d33361da29b44c],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\469.json, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\MessageBox.xml, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\uninstallDlg2.xml, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\UninstallManager.exe, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bg.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bg1.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\bk_shadow.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\button.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\button1.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checkbox.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checkbox_select.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\checked.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\close.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\loading_bg.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\loading_light.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\min.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\scrollbar.bmp, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\Thumbs.db, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\unchecked.png, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code1.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code2.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code3.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code4.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code5.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\code6.jpg, Do karantény, [2fa4a47f64269e9868177326729121df],
PUP.Optional.Omniboxes.A, C:\Users\top\AppData\Roaming\omniboxes\images\code\Thumbs.db, Do karantény, [2fa4a47f64269e9868177326729121df],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[bill.da]

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 16:04:55
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : top - TOP-PC
# Running from : C:\Users\top\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service
[#] Service Deleted : iSafeKrnlMon
[#] Service Deleted : Update Cyti Web
[#] Service Deleted : Util Cyti Web

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Program Files (x86)\XTab
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Users\top\AppData\LocalLow\Conduit
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Cyti Web
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Cyti Web
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


*************************

AdwCleaner[R0].txt - [4411 bytes] - [28/02/2015 12:24:09]
AdwCleaner[R1].txt - [2814 bytes] - [28/02/2015 16:03:19]
AdwCleaner[S0].txt - [2511 bytes] - [28/02/2015 16:04:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2570 bytes] ##########

[bill.da]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by top on so 28.02.2015 at 16:11:05,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 28.02.2015 at 16:14:19,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[bill.da]

RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : top [Práva správce]
Mód : Prohledat -- Datum : 02/28/2015 16:34:05

¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path] szndesktop.exe(3700) -- C:\Users\top\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\top\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\top\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-00JJC0 ATA Device +++++
--- User ---
[MBR] 0551257f0fb1d647b5003065929b0c64
[BSP] bc0806a5187bb02ad33d88e2144735ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD403LJ SCSI Disk Device +++++
--- User ---
[MBR] 4d8cc1087efa52035c64681850ead9ed
[BSP] 50c3ee920d1adb40d8b65f928e1a3bb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 120134 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 246051533 | Size: 261409 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

[Orcus]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Co problémy? + nový log z HJT

[bill.da]

RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : top [Práva správce]
Mód : Smazat -- Datum : 02/28/2015 21:50:49

¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path] szndesktop.exe(1184) -- C:\Users\top\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\top\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\top\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\top\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nevybráno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2748151026-3510737685-103085729-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nevybráno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nevybráno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-00JJC0 ATA Device +++++
--- User ---
[MBR] 0551257f0fb1d647b5003065929b0c64
[BSP] bc0806a5187bb02ad33d88e2144735ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD403LJ SCSI Disk Device +++++
--- User ---
[MBR] 4d8cc1087efa52035c64681850ead9ed
[BSP] 50c3ee920d1adb40d8b65f928e1a3bb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 120134 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 246051533 | Size: 261409 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_SCN_02282015_163400.log - RKreport_SCN_02282015_214756.log

[bill.da]

Zoek.exe v5.0.0.0 Updated 26-February-2015
Tool run by top on so 28.02.2015 at 22:26:51,32.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\top\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2015-02-28-211847.log 297507 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-27 23:02:03 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2015-02-27 23:02:03 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2015-02-27 23:02:03 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2015-02-27 23:02:03 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2015-02-27 23:02:02 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2015-02-23 19:45:12 9C661A2CD2CD5B074A46616C94627923 432128 ----a-w- C:\Windows\bink2w64.dll
2015-02-22 12:59:36 332FEAB1435662FC6C672E25BEB37BE3 2871808 ----a-w- C:\Windows\explorer.exe
2015-02-22 12:59:18 127AA81343A7C6F665C22CB1293B0A90 67072 ----a-w- C:\Windows\splwow64.exe
2015-02-22 08:42:58 DB20465389EB05512EFCDA13AFA8B3C3 579 ----a-w- C:\Windows\ka.ini
2015-02-21 18:28:27 A4378F2180E5281DB853A8D2EF0391CB 77824 ----a-w- C:\Windows\xinput1_3.dll
2015-02-21 17:50:00 2A7B78F4CFA0F1A5655891DDAACEFAD9 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2015-02-21 15:00:08 163A95975E1D8819E653AA3E961371CA 51200 ----a-w- C:\Windows\twain_32.dll
2015-02-21 15:00:06 317CD1CE327B6520BF4EE007BCD39E61 71168 ----a-w- C:\Windows\bfsvc.exe
====== C:\Users\top\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-27 18:12:18 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\Windows\SysWOW64\sh4native.exe
2015-02-26 21:47:40 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 --s-a-w- C:\Windows\SysWOW64\SSubTmr6.dll
2015-02-26 21:47:40 CFF867572B44212B01B711C1FA009537 101888 --s-a-w- C:\Windows\SysWOW64\VB6STKIT.DLL
2015-02-26 21:47:40 4C6F2D2CE86330335801F2982B26223E 89360 --s-a-w- C:\Windows\SysWOW64\VB5DB.DLL
2015-02-26 21:47:39 ECC7D7F0D3446DE36045D1D9E964FAFE 1081616 --s-a-w- C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-02-26 21:47:39 EB4A8F35A70A887FE32F43A3AA7D4E9A 203976 --s-a-w- C:\Windows\SysWOW64\RICHTX32.OCX
2015-02-26 21:47:39 E8A2190A9E8EE5E5D2E0B599BBF9DDA6 124688 --s-a-w- C:\Windows\SysWOW64\MSWINSCK.OCX
2015-02-26 21:47:39 E370CF000FE8A20E565198AF97D49D7C 561179 --s-a-w- C:\Windows\SysWOW64\dao360.dll
2015-02-26 21:47:39 B73809A916E6D7C1AE56F182A2E8F7E2 140488 --s-a-w- C:\Windows\SysWOW64\comdlg32.ocx
2015-02-26 21:47:39 90A39346E9B67F132EF133725C487FF6 132880 --s-a-w- C:\Windows\SysWOW64\MSINET.OCX
2015-02-23 21:08:35 11996C1FD2D437347654E660DE9144A7 609240 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe
2015-02-22 12:59:36 8B88EBBB05A0E56B7DCC708498C02B3E 2616320 ----a-w- C:\Windows\SysWOW64\explorer.exe
2015-02-22 12:59:29 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2015-02-22 11:30:16 6C4B2E1A25841077084EB9F76FF6FFA7 11410432 ----a-w- C:\Windows\SysWOW64\wmp.dll
2015-02-22 11:30:16 02DF0628BE8B64B84D50FBE53549AA3B 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL
2015-02-22 11:27:27 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2015-02-22 11:27:27 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2015-02-22 11:27:27 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2015-02-22 11:27:27 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-22 11:27:26 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-22 11:24:04 1CAC942CA7BF565FF01084056F71F0F8 1557208 ----a-w- C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-22 11:18:03 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-22 11:14:44 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe
2015-02-22 11:14:44 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe
2015-02-22 11:14:44 52096F5F476733F2E2725CF346FF373B 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll
2015-02-22 11:14:44 20257A0BFB824B49055A6EEC29C72C03 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll
2015-02-22 11:14:43 FF0A6E76FAE624AC74780AB008752F98 3209728 ----a-w- C:\Windows\SysWOW64\mf.dll
2015-02-22 11:10:41 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-22 11:06:39 50C73E54062BA252350F3F29580E28DA 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2015-02-22 11:06:28 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe
2015-02-22 11:06:27 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\SysWOW64\secproc_isv.dll
2015-02-22 11:06:27 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe
2015-02-22 11:06:27 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-22 11:06:27 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-02-22 11:06:26 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-02-22 11:06:26 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\SysWOW64\msdrm.dll
2015-02-22 11:06:26 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp.dll
2015-02-22 11:06:26 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\SysWOW64\secproc.dll
2015-02-22 11:06:19 ED59143843560B5EDB543C2A48CB9E4B 45568 ----a-w- C:\Windows\SysWOW64\oflc-nz.rs
2015-02-22 11:06:19 A704E750245D5D4EE4A23E99A00F27D5 46592 ----a-w- C:\Windows\SysWOW64\fpb.rs
2015-02-22 11:06:19 A067A19A91C2AA0198F9BD01A5CEF5C6 21504 ----a-w- C:\Windows\SysWOW64\grb.rs
2015-02-22 11:06:19 9EDCFA23CC081E38C86CA309D0F7E3DC 30720 ----a-w- C:\Windows\SysWOW64\usk.rs
2015-02-22 11:06:19 9B7D7F4D1F79E8B7D727BE94B1630D59 44544 ----a-w- C:\Windows\SysWOW64\pegibbfc.rs
2015-02-22 11:06:19 6EC618588447B82EA8D88719EE46F725 43520 ----a-w- C:\Windows\SysWOW64\csrr.rs
2015-02-22 11:06:19 5109C45498BC709C8A7E016D5FFCCAC2 20480 ----a-w- C:\Windows\SysWOW64\pegi.rs
2015-02-22 11:06:19 4F5C56DBF076D5BBB1D22B37BF281396 20480 ----a-w- C:\Windows\SysWOW64\pegi-pt.rs
2015-02-22 11:06:19 41CE7975CAD7BCF92538D2C452239523 40960 ----a-w- C:\Windows\SysWOW64\cob-au.rs
2015-02-22 11:06:19 27828AAA24AA46F11036954ADE355C1C 15360 ----a-w- C:\Windows\SysWOW64\djctq.rs
2015-02-22 11:06:18 64E211E0FDFCE4D186DF58BB7D0503BC 2576384 ----a-w- C:\Windows\SysWOW64\gameux.dll
2015-02-22 11:06:17 DDD1C4AB9A9DAE6D4092C4C95E714650 51712 ----a-w- C:\Windows\SysWOW64\esrb.rs
2015-02-22 11:06:17 CBC69A055EF410CBD65593E4808B6DB4 23552 ----a-w- C:\Windows\SysWOW64\oflc.rs
2015-02-22 11:06:17 72035C97983745E742D71E9A8EF70BBB 20480 ----a-w- C:\Windows\SysWOW64\pegi-fi.rs
2015-02-22 11:06:17 43C9CF6825CEA58F1815B7C3DBBB385C 308736 ----a-w- C:\Windows\SysWOW64\Wpc.dll
2015-02-22 11:06:16 7752619457598CF057C4CC02A0867029 55296 ----a-w- C:\Windows\SysWOW64\cero.rs
2015-02-22 11:06:08 5D1BFF0FCE80F9E2E539F436710D4A79 31232 ----a-w- C:\Windows\SysWOW64\prevhost.exe
2015-02-22 11:05:59 5C3F9DBA818CD93379D1A0F215270374 1699328 ----a-w- C:\Windows\SysWOW64\esent.dll
2015-02-22 11:05:58 B4834F08230A2EB7F498DE4E5B6AB814 74240 ----a-w- C:\Windows\SysWOW64\fsutil.exe
2015-02-22 11:05:52 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\SysWOW64\locale.nls
2015-02-22 11:05:51 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-22 11:05:51 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-22 11:05:51 72222991598E173BBE1429426926C020 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-22 11:05:51 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL
2015-02-22 11:05:50 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-22 11:05:47 465DBF63A5049E4DB4BC5C12FFE781CB 1549312 ----a-w- C:\Windows\SysWOW64\tquery.dll
2015-02-22 11:05:47 0241CB16136B9A4939CA0395768AE286 1401344 ----a-w- C:\Windows\SysWOW64\mssrch.dll
2015-02-22 11:05:46 E1AC89F6C5252057E6062843E36A6701 164352 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-02-22 11:05:46 DB67C7C62038BDE813CB6486581A7611 337408 ----a-w- C:\Windows\SysWOW64\mssph.dll
2015-02-22 11:05:46 236F286E103FD44BD85FDD93097FD5DD 427520 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe
2015-02-22 11:05:45 A6CD6B3F71E13E2E45B727FB8A47EA87 86528 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe
2015-02-22 11:05:45 987323F0247D023AD1AE52195540ECE0 666624 ----a-w- C:\Windows\SysWOW64\mssvp.dll
2015-02-22 11:05:45 5BDF8B0B9A3EADE3A2A6F2ED8D44E36D 197120 ----a-w- C:\Windows\SysWOW64\mssphtb.dll
2015-02-22 11:05:44 2DC6285EC4F902BE08E7C5FA6D3FD017 59392 ----a-w- C:\Windows\SysWOW64\msscntrs.dll
2015-02-22 11:05:36 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll
2015-02-22 11:05:36 03F3B770DFBED6131653CEDA8CA780F0 442880 ----a-w- C:\Windows\SysWOW64\ntshrui.dll
2015-02-22 11:05:34 2C28FEC61C4AC68480A99CB7AA197FA9 248832 ----a-w- C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-22 11:05:34 1DE9BD23AFA36150586C732D876D9B74 1177088 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll
2015-02-22 11:05:33 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-22 11:05:33 B6AC69FFBAA159DD5CEED814245A286D 214016 ----a-w- C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-22 11:05:33 5D9A1A3E5824CECE65871C60E5A08A1A 145920 ----a-w- C:\Windows\SysWOW64\WsmAuto.dll
2015-02-22 11:05:30 5078492B9CAC9CB721698DB51F039035 175104 ----a-w- C:\Windows\SysWOW64\netcorehc.dll
2015-02-22 11:05:30 23FC8068953C9BE2D63AE4EF1129112A 18944 ----a-w- C:\Windows\SysWOW64\netevent.dll
2015-02-22 11:05:26 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll
2015-02-22 11:05:22 EAF4712B706936C0B10D3B5319B37E81 81920 ----a-w- C:\Windows\SysWOW64\davclnt.dll
2015-02-22 11:05:22 75E8EBD7040CE238684333F97014762A 205824 ----a-w- C:\Windows\SysWOW64\WebClnt.dll
2015-02-22 11:05:12 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll
2015-02-22 11:05:09 7E9917D5309A90E7576653BFE39F80D8 478720 ----a-w- C:\Windows\SysWOW64\timedate.cpl
2015-02-22 11:05:05 8229618C90801E957BADC332CE32A6C5 2048 ----a-w- C:\Windows\SysWOW64\iologmsg.dll
2015-02-22 11:05:02 A208DAC2932649CFF82A6A684D8BB1F6 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
2015-02-22 11:05:00 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll
2015-02-22 11:05:00 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\SysWOW64\charmap.exe
2015-02-22 11:04:57 EF71BA5DF59034962B0C62314A71351A 193536 ----a-w- C:\Windows\SysWOW64\dhcpcore6.dll
2015-02-22 11:04:56 81F6C1AE23B1C493D9E996C3103915D7 44032 ----a-w- C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-02-22 11:04:52 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll
2015-02-22 11:04:50 AFA53BD631FB0509A91A99391209BB70 301568 ----a-w- C:\Windows\SysWOW64\msieftp.dll
2015-02-22 11:04:49 EDF2A5E96BEC469DA3F64E9BDD386111 180224 ----a-w- C:\Windows\SysWOW64\xmllite.dll
2015-02-22 11:04:39 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\SysWOW64\cryptdlg.dll
2015-02-22 10:55:56 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll
2015-02-22 10:55:56 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-22 10:55:44 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll
2015-02-22 10:55:41 0C96A745A76C7DD75C5503E86D968E49 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2015-02-22 10:55:40 E365C7B3EBB96451D3C9DF6B6B6900C2 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll
2015-02-22 10:55:40 623E143F2DF17C0106A9988F5D7DC878 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll
2015-02-22 10:53:32 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll
2015-02-22 09:12:15 13D186FA6F19823C598335443CE233BC 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-22 08:56:55 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-02-22 08:56:54 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-02-22 07:29:12 1377C84C1A0741F328068E95C5D881D7 18129584 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-22 07:17:17 E51B539FEC6A6485289F650E5E7D5156 701616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-22 07:17:17 4713ED2510365E9102172816D2CFB832 71344 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-22 06:42:40 B63A6FF4339C9B701A93D3973C7FB6D2 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2015-02-22 06:42:40 7D94A9161E8432B8521E60E064B1D737 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2015-02-22 06:42:40 7C893DBA0A58855A99DA68B751FD223B 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2015-02-22 06:42:39 F3F6BE20A03215209B61CA85B4A83E1F 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2015-02-22 06:42:39 C256EFD3655EC782F8094E96094E8F9E 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2015-02-22 06:42:39 A12D64A94EC57079C2D96A741CB4FF53 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2015-02-22 06:42:39 3BB446DE24501FEA5FDB9A9DB23A22AE 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2015-02-22 06:42:26 E1A4D24281526DDFEA418F729CDA9DC6 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-02-22 06:42:26 D87759889FE7BCAE4461439139E62BAA 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-02-22 06:42:26 B0F7BD3492C2D60A70F15AEADCE1E2A6 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-22 06:42:25 94B1F7CE1AAA5542923E0AD63C4D0050 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-22 06:42:25 8E8137569741D3693F88DDF94CC38C20 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-02-22 06:42:25 74EA6C792F57E453261DA210C1BCEB53 342712 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-02-22 06:42:25 3B9EF1B8E154D202D32A7765E2F33554 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-22 06:42:24 8FBC9680719ACDA9351B67D906C682F4 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-02-22 06:42:24 6FA05244FD2E40A3DC08337146B3C425 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-02-22 06:42:23 61C74D794C14E9FC94D93F5F0F72A3F9 19740160 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-02-22 06:42:22 47B26D89EF9973E2DD586D0C827F61A9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-02-22 06:42:21 FD6AF61AF029B9BC2CF4EFF57CDD5821 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-02-22 06:42:21 AD3F5926EC2C1F21FB45D1CDED6E2A47 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-02-22 06:42:21 5FB7E9786F70F4072663746072C9E6CE 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-02-22 06:42:20 9A91F9B5035F54C2D0BA92CF9B16EE34 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-02-22 06:42:20 55A84600EAAF8F1D3F0E6206E2EF6D48 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-02-22 06:42:20 28B2D3CB1B4306D476200D80AF7D87AD 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-02-22 06:42:19 EF05E63ACC834470A07A2E73D519B5FA 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-02-22 06:42:19 994E7459260D315573DD72783D1B78A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-02-22 06:42:18 78A1A938D51D4F83A772123B93EE1612 12829184 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-02-22 06:42:16 180168942E4A133C55E7BBF17DA3C142 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-22 06:42:15 F285D499EC42969D963CA49EADA63218 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-02-22 06:42:15 9DEE691C8FDBC2DE6957F1AE873C78FC 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-02-22 06:42:14 6F10743069DFFC56DEE079204960844E 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-02-22 06:32:51 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-02-22 06:32:51 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-02-22 06:32:51 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-02-22 06:32:44 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-02-22 06:32:44 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-02-21 22:50:43 AD27563BC16AB1EAACAE3033E99C2F78 194048 ----a-w- C:\Windows\SysWOW64\elshyph.dll
2015-02-21 22:50:39 C1A6E565B2782C09BC40AD749B46D9ED 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-21 22:50:39 9B8701A380CEE1B05D651B4ED4048C8F 645120 ----a-w- C:\Windows\SysWOW64\jsIntl.dll
2015-02-21 22:50:39 298FDE634538B62CEEEC266D8773B21A 182272 ----a-w- C:\Windows\SysWOW64\msls31.dll
2015-02-21 22:50:38 F862CD08F1AD4EE39BD506853F3C6103 16284 ----a-w- C:\Windows\SysWOW64\ieuinit.inf
2015-02-21 22:50:38 F7B6E341F4B1947BEC0E14EEBE3C627E 111616 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-21 22:50:38 EC7038154490E50ACD405A022F51B204 83456 ----a-w- C:\Windows\SysWOW64\inseng.dll
2015-02-21 22:50:38 D9F12F54E3B5A092F1D5F191F5286E53 337408 ----a-w- C:\Windows\SysWOW64\html.iec
2015-02-21 22:50:38 CFCE4EFF1D6D909EE2EA3AFCB8F1E677 233472 ----a-w- C:\Windows\SysWOW64\url.dll
2015-02-21 22:50:38 C17139EAF939964142C7A1AEEE02DC81 616104 ----a-w- C:\Windows\SysWOW64\ieapfltr.dat
2015-02-21 22:50:38 AE6A2C5ECD3E96556E22F12816842F60 48640 ----a-w- C:\Windows\SysWOW64\mshtmler.dll
2015-02-21 22:50:38 ABDFC692D9FE43E2BA8FE6CB5A8CB95A 13312 ----a-w- C:\Windows\SysWOW64\mshta.exe
2015-02-21 22:50:38 AB3B2CA52AFB695AFCDD2620A21E5B21 24576 ----a-w- C:\Windows\SysWOW64\licmgr10.dll
2015-02-21 22:50:38 9E170B0AF156B478BD2B1FD6A2250C9E 62464 ----a-w- C:\Windows\SysWOW64\tdc.ocx
2015-02-21 22:50:38 9A33FDDD687A836A1FD478B43C5A95FD 151552 ----a-w- C:\Windows\SysWOW64\iexpress.exe
2015-02-21 22:50:38 887055A3C8DD6C87D200D11EAFDBD45B 74240 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-02-21 22:50:38 83F49FD1BC0A999B006D564C540C7258 86016 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2015-02-21 22:50:38 779E142FE2159935E78C0FA2E190FF1E 610304 ----a-w- C:\Windows\SysWOW64\jscript.dll
2015-02-21 22:50:38 6EB0B7301E00F717BD68A742D1391FAF 36352 ----a-w- C:\Windows\SysWOW64\imgutil.dll
2015-02-21 22:50:38 6A92CEC8532056791C6832B2725D170D 139264 ----a-w- C:\Windows\SysWOW64\wextract.exe
2015-02-21 22:50:38 55969AADF0210A614700F89B48976F68 43008 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-21 22:50:38 53FC62C51CB18C9100A7DFAF2D2A6C47 12800 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
2015-02-21 22:50:38 4F032F1FDEFEA5EC8EEA3562643B5EE8 69120 ----a-w- C:\Windows\SysWOW64\icardie.dll
2015-02-21 22:50:38 4BCC7EB5F20840DA67943BD86AE95735 56832 ----a-w- C:\Windows\SysWOW64\pngfilt.dll
2015-02-21 22:50:38 1AFBAA54BDF637F69B8E02A5578286B0 116736 ----a-w- C:\Windows\SysWOW64\iepeers.dll
2015-02-21 22:50:38 1200D9C7DB0ADC1B8143A0A9921BF7DA 127488 ----a-w- C:\Windows\SysWOW64\occache.dll
2015-02-21 22:50:38 03B3541AE6986602CF9CB5B3AD169C33 208384 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2015-02-21 22:47:59 D67472125471784DE7147946EDA25FEB 640512 ----a-w- C:\Windows\SysWOW64\advapi32.dll
2015-02-21 22:47:59 A2B0924D50F4435FD389499047CE553A 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2015-02-21 22:47:59 401D25136E26B237D77DA1BF1198B3BD 619520 ----a-w- C:\Windows\SysWOW64\tdh.dll
2015-02-21 22:46:26 E94C583CDE2348950155F2AF2876F34D 231424 ----a-w- C:\Windows\SysWOW64\mswsock.dll
2015-02-21 22:45:21 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\SysWOW64\d3d11.dll
2015-02-21 21:41:16 907281ED4AD35D41B29FFDC211EBAD80 5120 ----a-w- C:\Windows\SysWOW64\wmi.dll
2015-02-21 21:25:48 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\SysWOW64\infocardapi.dll
2015-02-21 21:25:47 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe
2015-02-21 21:25:46 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\SysWOW64\icardres.dll
2015-02-21 21:25:35 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe
2015-02-21 19:19:07 B40420876B9288E0A1C8CCA8A84E5DC9 270336 ----a-w- C:\Windows\SysWOW64\dnsapi.dll
2015-02-21 19:19:06 ACBC1FB1950AC0C41944A6C8917032EF 28672 ----a-w- C:\Windows\SysWOW64\dnscacheugc.exe
2015-02-21 19:18:49 3FDB77D0BBEEB36AE35077ABC0BF80EC 319488 ----a-w- C:\Windows\SysWOW64\odbcjt32.dll
2015-02-21 19:18:48 EF37EDC20412A01DDD9A42E8D939A5A3 163840 ----a-w- C:\Windows\SysWOW64\odbctrac.dll
2015-02-21 19:18:48 E2D83DAA6A229CFDAF129189A9245889 86016 ----a-w- C:\Windows\SysWOW64\odbccu32.dll
2015-02-21 19:18:48 66ABBF38123D3113BB55EBAFCF37AB92 122880 ----a-w- C:\Windows\SysWOW64\odbccp32.dll
2015-02-21 19:18:48 534BF06B2DEE965A1389A9312545AE03 81920 ----a-w- C:\Windows\SysWOW64\odbccr32.dll
2015-02-21 19:18:45 75F5E1FE8D55CF8E577E0EC5F2290D3F 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll
2015-02-21 19:18:11 92FB57D9D865019D26346EB13E15CD75 642048 ----a-w- C:\Windows\SysWOW64\CPFilters.dll
2015-02-21 19:18:10 4D05D7A79E970398D8C687712E65A9B0 850944 ----a-w- C:\Windows\SysWOW64\sbe.dll
2015-02-21 19:18:10 246560C5B7995489F25BF9175F2B6380 199680 ----a-w- C:\Windows\SysWOW64\mpg2splt.ax
2015-02-21 19:18:06 0AE0C4955E1DE29CCDC9DA1B816FE5EE 1328128 ----a-w- C:\Windows\SysWOW64\quartz.dll
2015-02-21 19:17:35 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll
2015-02-21 19:17:32 FB19FC5951A88F3C523E35C2C98D23C0 314880 ----a-w- C:\Windows\SysWOW64\webio.dll
2015-02-21 19:17:09 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\SysWOW64\mscories.dll
2015-02-21 19:17:09 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\SysWOW64\mscorier.dll
2015-02-21 19:17:09 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\SysWOW64\dfshim.dll
2015-02-21 19:17:03 7B851A8018B1EA00A69707A390004884 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll
2015-02-21 19:16:56 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll
2015-02-21 19:16:54 E7B9D5FF20FFDD4AAE2EF1D1B8C27A37 159232 ----a-w- C:\Windows\SysWOW64\imagehlp.dll
2015-02-21 19:16:23 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-02-21 19:16:23 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll
2015-02-21 19:16:21 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2015-02-21 19:16:21 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll
2015-02-21 19:16:19 793F6658ED65839FDB2957A4884CB63C 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-21 19:16:08 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2015-02-21 19:16:02 5C6B44F9CAAC475B7B9EBBC29CB7F065 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2015-02-21 19:16:01 CC23295DA8F7B5C53F93804D2F5D30EB 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll
2015-02-21 19:16:01 8CC4638FA7B5B921B9080CF962582C0B 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll
2015-02-21 19:16:01 7D27E63B54DB093BB0D9E95F81094D75 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2015-02-21 19:16:01 2342EC9254F4C60CA98441BD65C89E12 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll
2015-02-21 19:15:59 DC6612A9EE015A36BA2A27BC9CC12537 1137664 ----a-w- C:\Windows\SysWOW64\mfc42.dll
2015-02-21 19:15:59 24CAEDCD73B5B0E22226283B7B2468C7 1164288 ----a-w- C:\Windows\SysWOW64\mfc42u.dll
2015-02-21 19:15:52 F2A743912D404A8866362836CFE7A648 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2015-02-21 19:15:51 F312300F29620F74E3AF3AF018151935 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2015-02-21 19:15:51 F29BC66CE4A5507A49FB20744A056E61 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2015-02-21 19:15:51 4E6934926B4C923CC0FF61C6D77814EF 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2015-02-21 19:15:51 43791D2F736C4E9BE9FE0B33A1E92A5D 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2015-02-21 19:15:51 36F152AE2F64B12771A44EA77124332B 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2015-02-21 19:15:41 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2015-02-21 19:15:41 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2015-02-21 19:15:40 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2015-02-21 19:15:39 0805487A6036A9F9C4E7AF7FEF835529 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL
2015-02-21 19:14:35 310F6F492A3B4B1020ED9BF9CCBBE6B6 376832 ----a-w- C:\Windows\SysWOW64\dpnet.dll
2015-02-21 19:14:31 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll
2015-02-21 19:14:30 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2015-02-21 18:42:14 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll
2015-02-21 18:42:14 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2015-02-21 18:42:13 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll
2015-02-21 18:42:13 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll
2015-02-21 18:42:13 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll
2015-02-21 18:42:13 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll
2015-02-21 18:42:13 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll
2015-02-21 18:42:12 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll
2015-02-21 18:41:40 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-21 18:41:37 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll
2015-02-21 18:41:34 68DCA1777D7224A79A9DC3D47BED6D32 75776 ----a-w- C:\Windows\SysWOW64\psisrndr.ax
2015-02-21 18:41:34 00ADF21DE55AA97297FAC65E4F3A0256 465408 ----a-w- C:\Windows\SysWOW64\psisdecd.dll
2015-02-21 18:41:28 72910F1DEB838E6E08A9017BFB7D4F0B 41984 ----a-w- C:\Windows\SysWOW64\browcli.dll
2015-02-21 18:41:28 2FCA0D2C59A855C54BAFA22AA329DF0F 57344 ----a-w- C:\Windows\SysWOW64\netap