CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\Setup_wm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Google\Chrome\Application\chrome.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpsideshowgadget.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Sidebar <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnetwk.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\More Games\MoreGames.dll <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows NT\Accessories\wordpad.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\FreeCell\freecell.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmprph.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Solitaire\solitaire.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpconfig.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Hearts\hearts.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Minesweeper\minesweeper.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Chess\chess.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmlaunch.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\SpiderSolitaire\spidersolitaire.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Internet Explorer <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpshare.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpenc.exe <====== ATTENTION
ShortcutTarget: Clash of Clans.lnk -> C:\ProgramData\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}\Clash of Clans.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2276093219-456965671-1327668654-1004\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-2276093219-456965671-1327668654-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-2276093219-456965671-1327668654-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
Toolbar: HKU\S-1-5-21-2276093219-456965671-1327668654-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Hosts: 54.225.95.126 alnbbbmmheedjelgjiljibhlicildiae
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-15 16:24 - 2015-07-15 16:24 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG2015
2015-07-15 16:24 - 2015-07-15 16:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 16:23 - 2015-07-15 16:23 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-15 16:21 - 2015-07-15 16:24 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-15 16:21 - 2015-07-15 16:21 - 00000000 ___HD C:\$AVG
2015-07-15 16:17 - 2015-07-15 16:17 - 05021528 _____ (AVG Technologies) C:\Users\User\Downloads\avg_free_stb_all_6086p1_177.exe
2015-07-15 16:39 - 2014-10-17 21:03 - 00000000 ____D C:\Users\User\AppData\Local\Avg2015
2015-07-15 16:20 - 2014-09-20 15:41 - 00000000 ____D C:\Program Files\AVG
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\310\temp\6912981914866206677b.exe No File
Task: {38CA1FCC-0AC7-40C1-8DC6-355BE60B1E56} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}\Clash of Clans.exe <==== ATTENTION
C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}
Task: {ABA79391-E23F-43A3-9B4A-59CB002C5331} - System32\Tasks\ReactorAppend => c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}\6912981914866206677b.exe <==== ATTENTION
c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}\Clash of Clans.exe <==== ATTENTION
Task: C:\Windows\Tasks\ReactorAppend.job => c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}\6912981914866206677b.exe <==== ATTENTION
2015-07-15 21:42 - 2015-06-04 15:42 - 00000352 _____ C:\Windows\Tasks\ReactorAppend.job
FirewallRules: [{07142C0E-BBE2-4AA9-B240-0C09260DE057}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{41647469-6336-4E7D-BF4B-B38348EB6B47}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{3C83732F-B853-4CA3-975C-9E9C43BF930C}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{10FF07BF-35E7-4A1E-8949-7ADF0E26C329}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{02E867DB-130F-437B-99E4-90A9754FB239}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{80802F30-C554-4FC5-9A72-461624BF2761}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E819292B-A2DD-4F61-B41B-02276EACB033}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{4A0BE214-6167-4CD4-A641-5599EC57AB1B}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: