HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6BCC5539-643F-485D-94A5-C6C89F48B37D} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx []
C:\Users\Gisele\AppData\Roaming\WiseUpdate
C:\Users\Gisele\Desktop\BearShare.lnk
C:\Users\Gisele\Downloads\VDownloaderSetup.exe
C:\Users\Gisele\Downloads\VDownloaderIC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
C:\Windows\Tasks\Update Service YourFileDownloader.job
C:\Program Files\VDownloader
C:\Users\Gisele\AppData\Local\BearShare
Task: C:\Windows\Tasks\SH.job => C:\Users\Gisele\AppData\Roaming\SH.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service YourFileDownloader.job => C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOJPJJ.job => C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe
C:\Users\Gisele\AppData\Roaming\SH.exe
C:\Program Files (x86)\YourFileDownloaderUpdater
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp: