CloseProcesses:
CreateRestorePoint:
C:\Program Files\groover250820151255
C:\Program Files\Konklight
C:\Windows\msqy.exe
C:\ProgramData\Saophase
C:\Windows\sqy.exe
C:\Users\Stevan\AppData\Local\Citytech.exe
C:\ProgramData\Ufhnaeskuek
HKLM\...\Run: [groover250820151255] => C:\Program Files\groover250820151255\Ijateo.exe [429224 2015-08-25] ()
HKLM\...\Run: [groover25082015125564] => C:\Program Files\groover250820151255\Ijateo64.exe [460456 2015-08-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_005010074] => [X]
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [Bubble Dock] => "C:\Users\Stevan\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
C:\Users\Stevan\AppData\Roaming\Nosibay
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
AppInit_DLLs: C:\ProgramData\Saophase\K-eco.dll => C:\ProgramData\Saophase\K-eco.dll [212992 2015-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Tipstrong.dll => C:\ProgramData\Saophase\Tipstrong.dll [194560 2015-08-30] ()
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk [2014-05-25]
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk [2014-05-25]
ShortcutTarget: StormAlerts.lnk -> C:\Users\DanaZ\AppData\Local\StormAlerts\StormAlertsApp.exe ()
Startup: C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-28]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1001\User: Restriction detected <======= ATTENTION
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
C:\WINDOWS\system32\Kufnemgawj64.dll
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE51F551-5AD2-49F8-9E69-EB809495726A} URL = hxxp://www.globasearch.com/?serie=209&installkey=As4G5dDDQXkL6om6EwXe&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=b61f3012c03066e79077d587555400fc&text=
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
BHO: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva64.dll [2015-08-25] ()
BHO-x32: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva.dll [2015-08-25] ()
DefaultPrefix-x32: => http://yamdex.net/?s...7555400fc&text=<==== ATTENTION
FF NewTab: C:\\ProgramData\\Saophases\\ff.NT
FF Homepage: C:\\ProgramData\\Saophases\\ff.HP
FF user.js: detected! => C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\user.js [2015-08-30]
FF HKLM\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
FF Extension: groover250820151255 - C:\Program Files\groover250820151255\Firefox [2015-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
CHR Extension: (No Name) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-28]
R3 032E4D9E-99D1-47E4-8608-82244BD88146; C:\Program Files\groover250820151255\Exuinke.exe [281256 2015-08-25] ()
R3 csrcc; C:\Program Files\groover250820151255\csrcc.exe [1444520 2015-08-25] ()
R2 DaljiaEkuivu; C:\Program Files\groover250820151255\TocbYsebre.exe [171856 2015-08-25] ()
R2 groover250820151255 Updater; C:\Program Files\groover250820151255\Ekoij.exe [171176 2015-08-25] ()
R2 iosnload; C:\Users\Stevan\AppData\Local\Citytech.exe [52736 2015-08-30] () [File not signed]
R2 Konklight; C:\Program Files\Konklight\Konklight.exe [379904 2015-08-27] () [File not signed]
R3 Kufnemgawj; C:\Program Files\groover250820151255\Kufnemgawj.exe [2044240 2015-08-25] ()
R2 msqy; c:\windows\msqy.exe [408576 2015-08-28] () [File not signed]
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-08-27] () [File not signed]
R2 sqy; c:\windows\sqy.exe [417792 2015-08-28] () [File not signed]
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
2015-08-30 15:22 - 2015-08-30 15:22 - 00000000 ____D C:\ProgramData\Saophases
2015-08-30 15:21 - 2015-08-30 21:28 - 00000000 ____D C:\ProgramData\Saophase
2015-08-30 15:19 - 2015-08-30 15:19 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 15:04 - 2015-08-30 15:04 - 00003156 _____ C:\WINDOWS\System32\Tasks\pn4le0nv
2015-08-30 15:03 - 2015-08-30 15:03 - 00000000 ____D C:\Program Files\Common Files\zmn5cqnr
2015-08-30 13:53 - 2015-08-30 14:53 - 00000000 ____D C:\Program Files\Konklight
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-29 23:02 - 2015-08-29 23:11 - 00000000 ____D C:\ProgramData\Ebonmedia
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-29] ()
2015-08-29 15:54 - 2015-08-29 15:54 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-29 15:52 - 2015-08-30 21:25 - 00004744 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\SysWOW64\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\system32\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-29 15:52 - 2015-08-25 04:57 - 00283472 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.dll
2015-08-29 15:51 - 2015-08-29 15:51 - 00003644 _____ C:\WINDOWS\System32\Tasks\Radqyvm
2015-08-29 15:51 - 2015-08-29 15:51 - 00000000 ____D C:\WINDOWS\system32\abis
2015-08-29 15:49 - 2015-08-29 15:54 - 00000000 ____D C:\Program Files\groover250820151255
2015-08-29 15:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-28 22:35 - 2015-08-30 22:35 - 00001078 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-28 22:35 - 2015-08-28 22:35 - 00004082 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Ryan Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\DanaZ\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Branko\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-28 22:31 - 2015-08-29 00:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 22:30 - 2015-08-29 00:55 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V28.08
2015-08-28 22:29 - 2015-08-30 13:28 - 00000000 ___HD C:\ProgramData\sqy
2015-08-28 22:26 - 2015-08-28 22:26 - 00631808 _____ C:\WINDOWS\sqy.dat
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ C:\WINDOWS\msqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ C:\WINDOWS\sqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-08-28 21:20 - 2015-08-28 21:20 - 00003234 _____ C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start
2015-08-28 21:19 - 2015-08-28 21:19 - 00000000 ____D C:\Users\Stevan\AppData\Local\Rainmaker_Software_Group_
2015-08-28 21:15 - 2015-08-28 21:15 - 00000000 ____D C:\Users\Stevan\AppData\Local\IsolatedStorage
2015-08-28 21:14 - 2015-08-28 22:19 - 00000000 ____D C:\Users\Stevan\Documents\PROPCCleanerSoftware
2015-08-28 21:12 - 2015-08-28 21:12 - 00000000 ____D C:\Users\Stevan\AppData\Local\Setup242812
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Users\Stevan\Documents\DailyPCClean
2015-08-28 18:05 - 2015-08-29 01:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-28 17:58 - 2015-08-30 20:47 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-28 17:58 - 2015-08-28 17:58 - 00000000 ____D C:\ProgramData\Ufhnaeskuek
2015-08-28 17:56 - 2015-07-25 14:13 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Guest\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\DanaZ\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Branko\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Desktop Pool
2015-08-28 17:54 - 2015-08-29 22:24 - 00000000 ____D C:\Program Files (x86)\9088868A-1440802479-E111-A182-00266C2D634D
2015-08-28 17:52 - 2015-08-28 22:18 - 00000000 ____D C:\Users\Stevan\Documents\ProPCCleaner
2015-08-28 17:52 - 2015-08-28 17:52 - 00003200 _____ C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-08-28 17:52 - 2015-08-28 17:52 - 00000000 ____D C:\Users\Stevan\AppData\Local\Pro_PC_Cleaner
2015-08-30 15:19 - 2015-08-30 15:19 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0000187 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe.config
Task: {06A7A42B-BF09-446F-A415-A22844688A81} - System32\Tasks\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {10890A8C-DDA7-4780-972D-0E464D30735E} - System32\Tasks\{A933A2FA-82F8-435E-A170-EFA1A7D021F1} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {1453710B-D6F4-4B64-957E-D9CD74F707BE} - System32\Tasks\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {190FF3A5-9FF4-4C18-A0E1-D446176E157F} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-28] () <==== ATTENTION
Task: {1E1BA39F-6C27-4432-B1CF-FDC661337B86} - \Ufhnaeskuek -> No File <==== ATTENTION
Task: {29863619-2D27-4729-B1F8-0B97055061A7} - System32\Tasks\{177B11F1-600B-4488-82A3-E6E65AF27102} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2DF546B0-7F16-4D15-A6DA-45CC868166BE} - System32\Tasks\_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2EE866EC-8758-44B9-9494-1C06C41B0324} - System32\Tasks\_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B} - System32\Tasks\{F9C615D6-0839-45B2-A9E4-9BE2C0762775} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {4E23FAC7-4304-43C0-8A4E-6349C755ADE9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {5DE9BCCF-817C-4D42-9324-7A77A5C273A0} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {6CA8EF9A-AA05-403A-AD73-2247B967BF94} - System32\Tasks\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7559B2D3-36D2-4406-8722-B839D85A5AE5} - System32\Tasks\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51} => pcalua.exe -a D:\start_ca.exe -d D:\
Task: {802E23C6-B296-4818-A9BD-45B4332A07CD} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {88F51287-7CDD-4411-9319-3C50046D1C6C} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {98104618-F0D0-4731-A6D3-57D39853342C} - System32\Tasks\Update Mozilla Firefox => C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe [2015-08-30] ()
Task: {9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4} - System32\Tasks\pn4le0nv => C:\Program Files\Common Files\zmn5cqnr\dd5fbc1fjiaiz.exe [2015-08-18] ()
C:\Program Files\Common Files\zmn5cqnr
Task: {B9398A4A-E963-42EA-B061-C74F2BFB8654} - System32\Tasks\{98B64D1D-0D56-468C-B8C2-D287ED658A34} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C3827B87-74BB-49D5-9886-5759C8ED7BF8} - \RegClean Pro -> No File <==== ATTENTION
Task: {C68ECD44-2082-4A97-904A-E971AAEAE619} - System32\Tasks\{53C3728E-69FB-402B-87C7-F01A8960CB68} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C852877A-C27B-4F95-B288-846E2936F609} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat [2015-08-25] ()
Task: {D34C2561-B185-4931-8893-D739F43C523B} - \EbonmediaUpdater -> No File <==== ATTENTION
Task: {E49DFC95-33C7-43D5-A5C8-462CEEC517D1} - System32\Tasks\PaintTool SAI => C:\Users\Stevan\AppData\Local\Temp\is-EC15A.tmp\prsetup.exe <==== ATTENTION
Task: {F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ () C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-25 04:57 - 2015-08-25 04:57 - 00171856 _____ () C:\Program Files\groover250820151255\TocbYsebre.exe
2015-08-29 15:50 - 2015-08-25 13:00 - 00171176 _____ () C:\Program Files\groover250820151255\Ekoij.exe
2015-08-27 03:22 - 2015-08-27 03:22 - 00379904 _____ () C:\Program Files\Konklight\Konklight.exe
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ () c:\windows\msqy.exe
2015-08-27 03:20 - 2015-08-27 03:20 - 00033792 _____ () C:\ProgramData\Saophase\Saophase.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ () c:\windows\sqy.exe
2015-08-25 04:57 - 2015-08-25 04:57 - 02044240 _____ () C:\Program Files\groover250820151255\Kufnemgawj.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00293544 _____ () C:\Program Files\groover250820151255\Mooxl64.DLL
2015-08-29 15:49 - 2015-08-25 13:00 - 00429224 _____ () C:\Program Files\groover250820151255\Ijateo.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00460456 _____ () C:\Program Files\groover250820151255\Ijateo64.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00281256 _____ () C:\Program Files\groover250820151255\Exuinke.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 01444520 _____ () C:\Program Files\groover250820151255\csrcc.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-28 17:58 - 2015-08-28 17:58 - 00157696 _____ () C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00287400 _____ () C:\Program Files\groover250820151255\Mooxl.DLL
2015-08-30 15:22 - 2015-08-30 15:22 - 00194560 _____ () C:\ProgramData\Saophase\Tipstrong.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => ""="service"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
2015-08-28 18:22 - 2013-10-31 16:28 - 00002071 ____R C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-08-28 18:21 - 2014-04-09 20:11 - 00001986 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-08-28 18:18 - 2014-04-09 20:11 - 00001974 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
FirewallRules: [{2A3E90B2-7FE8-4CC1-861C-1565F133C626}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{4F664E03-1090-4C43-9572-3AEB861E80E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴⹣硥e
FirewallRules: [{532C276B-C85D-41F6-8C7F-CCC625B4221F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset