PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\background.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\manifest.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync16.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync256.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync64.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\_metadata\computed_hashes.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\_metadata\verified_contents.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\background.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\manifest.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\settings.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\css\content.min.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\css\normalize.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\css\reader.min.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\css\settings.min.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\images\icon.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\images\icon_active.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\images\icon_default.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\images\icon_serial.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\images\icon_serial_grey.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\js\background.min.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\js\main.min.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\_locales\en-US\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\makkfjljgghpdlhglacpbclabaennjeg\1.1.7_0\_locales\zh_CN\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\manifest.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\wow_background.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\wow_browser_action.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\wow_content_frame.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\wow_page_action.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\7z.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\AchieveLib.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\ADBUtil.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\AdbWinApi.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\AdbWinUsbApi.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\conx64.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\conx86.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\DeviceHelper.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\DriverInstallerX64.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\DriverInstallerX86.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\monconfig.xml, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\monconfigapi.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\msvcp120.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\msvcr120.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\PPAdbServer.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\pplog.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\setup.dat, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\trp2p.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\ucppahelper.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\bin\PPHelper\ucppahelper.tra, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_bubble_close.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_connected.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_kuaping_favicon_128.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_kuaping_favicon_16.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_kuaping_favicon_48.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_kuaping_favicon_72.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_mobile_helper_missing.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_no_qrcode.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_qr.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_qrcode_icon.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_qrcode_icon1.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\images\wow_send_result.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\md5-min.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\nut.ajax.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\nut.core.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_background.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_browser_action.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_common.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_content_frame.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_page_action.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\scripts\wow_qrcode.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\styles\wow_browser_action.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\styles\wow_page_action.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\_locales\en\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe\3.0.3_0\_locales\zh\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\manifest.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\bg\bundle.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\price-recommend.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\DANMAKU.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\DANMAKU_WEBGL.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\flash-record.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\i18n-ebusiness-amazon.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\image-gallery-auto.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\image-gallery-force.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\image-gallery.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\injection-test.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\pageVisibility.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\retailer-auto-complete.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\retailer-install-QN.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\retailer-window.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\retailerMode.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\seller-assist.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\StringMeasure.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\video-download-youtube.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\video-download.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\injection\video-toolbar.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\co.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\Flip-fps.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\flip.min.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\flip_gl.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\FPSMeter.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\regenerator-runtime.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\lib\uglify.min.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\index.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\index.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\src\jasmine-core\boot.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\src\jasmine-core\core.py, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\src\jasmine-core\jasmine-html.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\src\jasmine-core\jasmine.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\options\src\jasmine-core\jasmine.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\index.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\index.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\adblock.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\cloud.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\down-arrow.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\get.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\main.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\mouse.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\one-click.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\toolbar-dark.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\toolbar.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\video-small.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\video.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\img\youtube.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\js\flip.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\js\index.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\pages\i18n-video-toolbar\js\statistic.js, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\font_9qmmi8b8jsxxbt9.ttf, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\font_9qmmi8b8jsxxbt9.woff, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\font_kcuuxxyze2hjjor.woff, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\wow_recorder_show_recording_btn.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\wow_recorder_start_recording_hover.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\wow_recorder_start_recording_normal.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\wow_recorder_stop_recording_hover.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\wow_recorder_stop_recording_normal.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\Britannic.ttf, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\cancel.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\card.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\close.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\fail-head.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\gift-box.gif, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\head.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\logo.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\voucher.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\res\i18n-ebusiness-amazon\win-head.png, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\i18n-ebusiness-amazon.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\price-recommend.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\retailer-window.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\retailerMode-icon.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\seller-assist-temp.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\style\video-download.css, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\util\sandbox.html, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\en\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\es\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\id\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\pt_BR\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\ru\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\ru_RU\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\zh_CN\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi\0.7.2_0\_locales\zh_TW\messages.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\GPUCache\data_0, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\GPUCache\data_1, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\GPUCache\data_2, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\GPUCache\data_3, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\Default\GPUCache\index, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_0, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_1, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_2, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_3, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\index, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\acAuth.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\AegisI5.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\d3dcompiler_47.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\HWID.ini, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\ICSDHCP.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\icudtl.dat, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\IpLib.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\libeay32.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\libEGL.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\libGLESv2.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\manifest.fingerprint, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\manifest.json, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\RaAPAPI.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\RtlIhvOid.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\RtlLib.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\RtlLib_xp.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi.exe, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\ucwifi_compat.dll, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi\resources.pak, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi\Locales\en-US.pak, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.UCBrowser, C:\Users\koryt_000\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi\Locales\zh-CN.pak, , [976f717ed7d17abc7f6c265d3ec3ca36],
PUP.Optional.Linkury.ACMB1, C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js, Dobré: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Špatné: (user_pref("browser.startup.homepage", "C:\ProgramData\Hotfreshs\ff.HP), ,[d6306f80c8e0e25428c4fddf37cb22de]
PUP.Optional.Linkury.ACMB1, C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\ProgramData\Hotfreshs\ff.NT");), ,[e52148a71395b48252997795fb08ee12]
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Vyskakující okna IE Vyřešeno
Re: Vyskakující okna IE
Spusť znovu AdwCleaner (u Windows Vista či Windows7 klikni na AdwCleaner pravým a vyber „Spustit jako správce“),
klikni na „Scan“, po prohledání klikni na „ Clean“
Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídající log (C:\AdwCleaner [C?].txt), jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho, podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt), který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška, klikni na „Vše do karantény (smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“, soubor nějak pojmenuj a někam ho ulož. Zkopíruj sem celý obsah toho logu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován, zkus ho spustit několikrát. Pokud program ani potom nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe (některé nákazy blokují známé čisticí nástroje podle názvu souboru).
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
klikni na „Scan“, po prohledání klikni na „ Clean“
Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídající log (C:\AdwCleaner [C?].txt), jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho, podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt), který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška, klikni na „Vše do karantény (smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“, soubor nějak pojmenuj a někam ho ulož. Zkopíruj sem celý obsah toho logu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován, zkus ho spustit několikrát. Pokud program ani potom nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe (některé nákazy blokují známé čisticí nástroje podle názvu souboru).
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Vyskakující okna IE
Poslední chybějící
RogueKiller V12.10.3.0 (x64) [Apr 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : koryt_000 [Práva správce]
Started from : C:\Users\koryt_000\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 04/09/2017 13:53:27 (Duration : 00:51:41)
¤¤¤ Procesy : 3 ¤¤¤
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3800) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3796) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3860) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
¤¤¤ Registry : 6 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Smazáno
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Smazáno
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1002\Software\UCBrowserPID -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1002\Software\UCBrowserPID -> Smazáno
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} -> Smazáno
[VT.Trojan.VBS.TZJ] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mncngdvSrv : C:\WINDOWS\inf\mncngdv.vbe [-] -> Smazáno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 1 ¤¤¤
[PUP.OnlineIO|PUP.Gen0][Složka] C:\Program Files (x86)\Microleaves -> Smazáno
[PUP.OnlineIO|PUP.Gen0][Soubor] C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe -> Smazáno
[PUP.OnlineIO|PUP.Gen0][Složka] C:\Program Files (x86)\Microleaves\Traffic Exchange -> Smazáno
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] j0o9z1im.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 59ad4b678f2a99323db1dfd807292081
[BSP] 1c12862f62961117fd352e6a8dfd4f2e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 694993 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1425045504 | Size: 498 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1426065408 | Size: 19083 MB
User = LL1 ... OK
User = LL2 ... OK
RogueKiller V12.10.3.0 (x64) [Apr 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : koryt_000 [Práva správce]
Started from : C:\Users\koryt_000\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 04/09/2017 13:53:27 (Duration : 00:51:41)
¤¤¤ Procesy : 3 ¤¤¤
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3800) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3796) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
[PUP.OnlineIO|PUP.Gen0|VT.TR/Trash.Gen] OnlineGuardian-v2.exe(3860) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe[-] -> Zastaveno [TermProc]
¤¤¤ Registry : 6 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Smazáno
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Smazáno
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1002\Software\UCBrowserPID -> Smazáno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1560035657-911311260-1851593216-1002\Software\UCBrowserPID -> Smazáno
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} -> Smazáno
[VT.Trojan.VBS.TZJ] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mncngdvSrv : C:\WINDOWS\inf\mncngdv.vbe [-] -> Smazáno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 1 ¤¤¤
[PUP.OnlineIO|PUP.Gen0][Složka] C:\Program Files (x86)\Microleaves -> Smazáno
[PUP.OnlineIO|PUP.Gen0][Soubor] C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe -> Smazáno
[PUP.OnlineIO|PUP.Gen0][Složka] C:\Program Files (x86)\Microleaves\Traffic Exchange -> Smazáno
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] j0o9z1im.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 59ad4b678f2a99323db1dfd807292081
[BSP] 1c12862f62961117fd352e6a8dfd4f2e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 694993 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1425045504 | Size: 498 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1426065408 | Size: 19083 MB
User = LL1 ... OK
User = LL2 ... OK
Re: Vyskakující okna IE
Adwcleaner , JRT , Mbam - vše smazáno?
Sophos něco našel?
RK , nepsal jsem hned mazat..
Vypni antivir i firewall.
Stáhni
Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
klik nahoře vpravo na .rar-file
a ulož si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe (u win vista, win7, 8 klikni na něj pravým a vyber „Spustit jako správce“).
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.
Vlož nový log z HJT + informuj o problémech
Sophos něco našel?
RK , nepsal jsem hned mazat..
Vypni antivir i firewall.
Stáhni
Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
klik nahoře vpravo na .rar-file
a ulož si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe (u win vista, win7, 8 klikni na něj pravým a vyber „Spustit jako správce“).
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.
Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Vyskakující okna IE
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by koryt_000 on 10.04.2017 at 10:07:35,08.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\koryt_000\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10.04.2017 10:11:13 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Seznam.cz deleted successfully
C:\Program Files\Code Industry deleted successfully
C:\Users\koryt_000\AppData\Local\ActiveSync deleted successfully
C:\Users\koryt_000\AppData\Local\GHISLER deleted successfully
C:\Users\koryt_000\AppData\Local\NetworkTiles deleted successfully
C:\Users\koryt_000\AppData\Local\PDFCreator deleted successfully
C:\Users\Romca\AppData\Local\ActiveSync deleted successfully
C:\Users\Romca\AppData\Local\GHISLER deleted successfully
C:\Users\Romca\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\SharedWiFi deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\pdf_architect_4_conv@pdfarchitect.org deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/");
Added to C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default
user.js not found
---- Lines pdf_architect_4_conv@pdfarchitect.org removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"{ea614400-e918-4741-9a97-7a972ff7c30b}\":{\"d\":\"C:\\\\Users\\\\koryt_000\\\\AppData\\\\Roaming
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~3\Package Cache deleted
C:\Users\koryt_000\AppData\Local\Wondershare deleted
"C:\WINDOWS\Installer\24c13b11.msi" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
- Provider for Google Calendar - C:\Users\koryt_000\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Lightning - C:\Users\koryt_000\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Provider for Google Calendar - %ProfilePath%\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- gContactSync - %ProfilePath%\extensions\gContactSync@pirules.net.xpi
- Google Tasks Sync - %ProfilePath%\extensions\google_tasks_sync@tomasz.lewoc.xpi
- Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@thunderbird.mozilla.org.xpi
- ThunderKeep - %ProfilePath%\extensions\thunderkeep@jensheuschkel.de.xpi
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted
==== Chromium Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\KORYT_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[11.09.2016 08:17]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Google Drive App Launcher - koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Solitaire - Romca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp
Chrome Media Router - Romca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Chromium Fix ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0B0895E0-84C5-4347-B38E-4723121138BD}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04"
{0B0895E0-84C5-4347-B38E-4723121138BD} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS"
==== Reset Google Chrome ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\IE\9RX7KMFW will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\koryt_000\AppData\Local\Mozilla\Firefox\Profiles\j0o9z1im.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=10 11630772 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\KORYT_~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\IE\9RX7KMFW" not found
==== EOF on 10.04.2017 at 10:40:56,96 ======================
Na antiviru pracuju.
Tool run by koryt_000 on 10.04.2017 at 10:07:35,08.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\koryt_000\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10.04.2017 10:11:13 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Seznam.cz deleted successfully
C:\Program Files\Code Industry deleted successfully
C:\Users\koryt_000\AppData\Local\ActiveSync deleted successfully
C:\Users\koryt_000\AppData\Local\GHISLER deleted successfully
C:\Users\koryt_000\AppData\Local\NetworkTiles deleted successfully
C:\Users\koryt_000\AppData\Local\PDFCreator deleted successfully
C:\Users\Romca\AppData\Local\ActiveSync deleted successfully
C:\Users\Romca\AppData\Local\GHISLER deleted successfully
C:\Users\Romca\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\SharedWiFi deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\pdf_architect_4_conv@pdfarchitect.org deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/");
Added to C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default
user.js not found
---- Lines pdf_architect_4_conv@pdfarchitect.org removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"{ea614400-e918-4741-9a97-7a972ff7c30b}\":{\"d\":\"C:\\\\Users\\\\koryt_000\\\\AppData\\\\Roaming
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1033_.backup
prefs__1602_.backup
prefs__1742_.backup
prefs__1749_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~3\Package Cache deleted
C:\Users\koryt_000\AppData\Local\Wondershare deleted
"C:\WINDOWS\Installer\24c13b11.msi" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Romca\AppData\Roaming\Mozilla\Firefox\Profiles\xcprca21.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\KORYT_~1\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default
- Provider for Google Calendar - C:\Users\koryt_000\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Lightning - C:\Users\koryt_000\AppData\Roaming\Thunderbird\Profiles\gjvvgmxu.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Český slovník pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Provider for Google Calendar - %ProfilePath%\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- gContactSync - %ProfilePath%\extensions\gContactSync@pirules.net.xpi
- Google Tasks Sync - %ProfilePath%\extensions\google_tasks_sync@tomasz.lewoc.xpi
- Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@thunderbird.mozilla.org.xpi
- ThunderKeep - %ProfilePath%\extensions\thunderkeep@jensheuschkel.de.xpi
ProfilePath: C:\Users\Romca\AppData\Roaming\Thunderbird\Profiles\78b6k248.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted
==== Chromium Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\KORYT_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[11.09.2016 08:17]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Google Drive App Launcher - koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Solitaire - Romca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp
Chrome Media Router - Romca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Chromium Fix ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0B0895E0-84C5-4347-B38E-4723121138BD}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04"
{0B0895E0-84C5-4347-B38E-4723121138BD} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS"
==== Reset Google Chrome ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Romca\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\IE\9RX7KMFW will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\koryt_000\AppData\Local\Mozilla\Firefox\Profiles\j0o9z1im.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=10 11630772 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\KORYT_~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\koryt_000\AppData\Local\Microsoft\Windows\INetCache\IE\9RX7KMFW" not found
==== EOF on 10.04.2017 at 10:40:56,96 ======================
Na antiviru pracuju.
Re: Vyskakující okna IE
Zemana AntiMalware 2.72.2.101 (instalační verze)
-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.4.10
Operating System : Windows 10 64-bit
Processor : 2X Intel(R) Pentium(R) CPU B960 @ 2.20GHz
BIOS Mode : UEFI
CUID : 12D4FD798B6152917A9B77
Scan Type : Skenování systému
Duration : 20m 23s
Scanned Objects : 104045
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Chrome Startup Url
Status : Skenováno
Object : http://mail.ru/cnt/10445?gp=818404
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://www.hohosearch.com/?mode=nnnb&pt ... 3YkBHMoBk..
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://start.atarata.cz/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://istart.webssearches.com/?type=hp ... CXWD1600JS
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://istart.webssearches.com/?type=hp ... 0221602216
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Homepage
Status : Skenováno
Object : http://search.babylon.com/?AF=109130&ba ... 1d9204516f
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Homepage
Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.4.10
Operating System : Windows 10 64-bit
Processor : 2X Intel(R) Pentium(R) CPU B960 @ 2.20GHz
BIOS Mode : UEFI
CUID : 12D4FD798B6152917A9B77
Scan Type : Skenování systému
Duration : 20m 23s
Scanned Objects : 104045
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Chrome Startup Url
Status : Skenováno
Object : http://mail.ru/cnt/10445?gp=818404
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://www.hohosearch.com/?mode=nnnb&pt ... 3YkBHMoBk..
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://start.atarata.cz/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://istart.webssearches.com/?type=hp ... CXWD1600JS
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Startup Url
Status : Skenováno
Object : http://istart.webssearches.com/?type=hp ... 0221602216
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url
Chrome Homepage
Status : Skenováno
Object : http://search.babylon.com/?AF=109130&ba ... 1d9204516f
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Homepage
Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
Re: Vyskakující okna IE
Nový log HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:42, on 10.04.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0545)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Users\koryt_000\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe" 10 300
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [MSStp] C:\WINDOWS\system32\msstp.vbe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS
U mě vše v pořádku. Ale druhý uživatel se trochu seká. Ještě to zkusíme a kdyžtak pak označím za uzavřené. Díky.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:42, on 10.04.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0545)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Users\koryt_000\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe" 10 300
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [MSStp] C:\WINDOWS\system32\msstp.vbe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS
U mě vše v pořádku. Ale druhý uživatel se trochu seká. Ještě to zkusíme a kdyžtak pak označím za uzavřené. Díky.
- jaro3
- člen Security týmu
Re: Vyskakující okna IE
OK.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
C:\WINDOWS\system32\msstp.vbe -- tento soubor smaž!
Prosím stáhni verzi programu Farbar Recovery Scan Tool (FRST) odpovídající Tvému systému (32-bit/64-bit):
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu, pak spusť FRST.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“). Když je skenování dokončeno, ukážou se dva logy (FRST.txt a Addition.txt) a uloží se na plochu. Prosím zkopíruj sem celý jejich obsah.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [MSStp] C:\WINDOWS\system32\msstp.vbe
C:\WINDOWS\system32\msstp.vbe -- tento soubor smaž! (Je to skript, který se spouští při startu systému přes položku O4 [MSStp] uvedenou výše. Pokud ho ve složce nevidíš, zapni zobrazení skrytých a systémových souborů a podívej se případně i do C:\Windows\SysWOW64.)
Prosím stáhni verzi programu Farbar Recovery Scan Tool (FRST) odpovídající Tvému systému (32-bit/64-bit):
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu, pak spusť FRST.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“). Když je skenování dokončeno, ukážou se dva logy (FRST.txt a Addition.txt) a uloží se na plochu. Prosím zkopíruj sem celý jejich obsah.
Při práci s programy HJT, ComboFix, MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupují memphisto, Žbeky a Orcus.
Pokud budete spokojeni, můžete podpořit naše fórum: Podpora fóra
Re: Vyskakující okna IE
C:\WINDOWS\system32\msstp.vbe – tento soubor jsem nenašel. Byl jsem přímo ve složce, nepoužíval jsem vyhledávač.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by koryt_000 (13-04-2017 15:45:12)
Running from C:\Users\koryt_000\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-02 16:59:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1560035657-911311260-1851593216-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1560035657-911311260-1851593216-503 - Limited - Disabled)
Guest (S-1-5-21-1560035657-911311260-1851593216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1560035657-911311260-1851593216-1006 - Limited - Enabled)
koryt_000 (S-1-5-21-1560035657-911311260-1851593216-1002 - Administrator - Enabled) => C:\Users\koryt_000
Romca (S-1-5-21-1560035657-911311260-1851593216-1001 - Administrator - Enabled) => C:\Users\Romca
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
9 stop 2: Uzavřené oddělení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\9 stop 2: Uzavřené oddělení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.3 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVS Screen Capture version 1.1.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
EaseUS Partition Master 11.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Flash Memory Toolkit trial 2.01 (HKLM-x32\...\Flash Memory Toolkit trial_is1) (Version: - EFD Software)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.22.3 - Androxyde)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Packard Bell)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1560035657-911311260-1851593216-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 49.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 49.0.2 (x64 cs)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Tajemný park: Poslední představení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Tajemný park: Poslední představení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E68C2D0-CB0A-45F9-8C9B-0074EF712B2A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {7DC8D2CE-D479-47B1-ABC8-6EC7E10E0DB3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2016-07-06] ()
Task: {C7C492B4-2970-4B8B-995B-D04664BA80C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-07] (Piriform Ltd)
Task: {CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {FE1E1DF0-65D0-4F44-9FE4-5BD7D92B4BE2} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2016-07-06] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\koryt_000\Favorites\Packard Bell.lnk -> hxxp://www.packardbell.com
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 09:17 - 2015-10-30 09:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 06:53 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 06:53 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-01 18:57 - 2017-02-03 23:25 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-03-02 18:12 - 2016-03-02 18:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 06:57 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 06:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 06:53 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 06:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 06:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-09 05:09 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-04-19 07:57 - 2016-04-19 07:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-28 10:51 - 2017-02-28 10:51 - 01937376 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-09 05:10 - 2016-03-16 09:24 - 00877056 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\platforms\qwindows.dll
2016-10-09 05:09 - 2016-08-30 09:01 - 00307904 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\GarbageGather.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00118464 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FHProcess.dll
2016-10-09 05:09 - 2016-06-24 01:00 - 00014336 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\fsclog.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00174784 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\BigFileGather.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00088256 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EnumVolumes.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00224960 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FragAnalysis.dll
2016-10-09 05:10 - 2016-03-25 01:00 - 00024064 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qico.dll
2016-10-09 05:10 - 2016-03-25 01:00 - 00023552 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qgif.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\traynet.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\libcurl.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\zlib1.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\uexper.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00098816 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32api.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00110080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pywintypes27.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00364544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pythoncom27.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00320512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32com.shell.shell.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00914432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_hashlib.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01176576 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._core_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00806400 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._gdi_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00816128 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._windows_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01067008 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._controls_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00733184 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._misc_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00682496 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pysqlite2._sqlite.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_ctypes.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00686080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\unicodedata.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00119808 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32file.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00108544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32security.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00007168 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\hashobjs_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00017920 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\thumbnails_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\usb_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00012800 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\common.time34.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00018432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32event.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00167936 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32gui.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00046080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_socket.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01303552 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_ssl.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00128512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_elementtree.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00127488 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pyexpat.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00038912 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32inet.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00036864 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_psutil_windows.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00524248 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\windows._lib_cacheinvalidation.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00011264 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32crypt.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00123392 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._wizard.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00077312 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._html2.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00027648 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_multiprocessing.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00020480 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_yappi.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00035840 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32process.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00078848 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._animate.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00024064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32pipe.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00010240 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\select.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00025600 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32pdh.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00017408 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32profile.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00022528 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32ts.pyd
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-09-05 21:18 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-04-04 06:33 - 2017-03-29 04:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 06:33 - 2017-03-29 04:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2016-04-19 07:57 - 2016-04-19 07:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:57 - 2016-04-19 07:58 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2017-04-10 10:11 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Romca\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f9bdcdd3-64f7-40d7-aa12-54ccfb601baf}.jpg
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\koryt_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\plocha.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{524109DF-12E2-4562-93DF-5C4EA37A7C24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{04A83471-9373-440E-A09C-D73FA30A98A0}] => (Allow) C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{E65C53D0-94D4-4801-A4A6-304953382D28}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{EB0E3A41-FE11-4998-920A-56F1731B46B5}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{2412E68A-2CDC-41D8-8472-9EBD9DB48645}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{BA132AFF-B34E-41CD-AF27-404E44F06376}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0E7BD844-6354-4F17-A3F4-C8041392A462}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{68B4754B-1FFA-4345-9DB4-28C45745D8C4}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C4DCA82E-A1BF-41EE-8896-D683871B1762}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{FF907DC5-880C-453D-9F0E-FD03F494DF83}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{3D5485F5-DDA7-4738-8617-E33CA7CEBB36}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{427E6102-1BEF-49B7-91DA-37431A25781E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{256C8DCC-0595-4E44-8150-3CF74AB92030}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{EBC34346-0D5D-4F23-BCBE-42A7FCD32004}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{83C8F9CC-3C96-436C-AC1C-D71BBFE20F9E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [TCP Query User{76910FD8-38D1-408D-B1A1-358351954E4E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{66B7CE8C-AE3A-4FD8-B8B8-F730021CD8CE}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{6AF572E4-B30B-44BB-82FD-A27E1CBF3616}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\Ward.exe
FirewallRules: [{093B37B2-E14E-467E-A77C-82735B8503B7}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\F2PHttpDaemon.exe
FirewallRules: [{939C9820-FD20-4FB2-99DB-ADCE0B3E0116}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE878802-1438-4FF8-A925-FE6CD843EC52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFD393E9-B0B7-495B-9C12-2011FD06F7B1}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\Weird Park The Final Show\F2PHttpDaemon.exe
FirewallRules: [{1F8565E0-011C-408B-86F6-EB742F5EC3BD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{056227FF-126D-4101-B414-3ED110559F37}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1DACE105-4BEC-48C5-AC8A-B9FCD08E6961}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{054604BD-8953-4368-943B-142D8F80C115}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{EA860053-EC3C-42C3-9E7A-B53F4964DA89}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{1A11F6D9-BA30-48EA-B9A0-C0FEC76ACDF8}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{48722900-A37A-49EA-9878-5C7578E069E5}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{181ED406-7073-47E5-9056-7D23F1F40455}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{627387E2-958F-4902-97E9-BBAC005CE252}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F6C5C424-CE11-4C4B-87CE-EF57968381A4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2404E4AD-C293-473F-B972-146504C9428D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5957A553-43A5-4373-99ED-085E3F34D3A2}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{39081852-36F0-45C2-B244-485C443982B0}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{0B28CBF9-4FD1-43F9-A855-3A745F22BA8C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{68F989E1-32D8-4D8A-A0D8-61D8F3148805}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5E22F8EB-CE91-40FA-8335-BC34213A936D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BEA6D7B7-C762-4F7D-973F-17F3752CEB0F}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{238DF0C9-4D9A-49D4-9A9E-AA17CAA2B577}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F7CBED1C-A2B6-4F11-A607-56D84EEE99B1}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{AAB5E19F-11B0-4F2F-A70F-CF4DD32628ED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8651379-CF94-41FA-90F5-0B34C9CD6637}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1D8A3ABE-1D47-44F6-848A-AE4D51D6FC6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C65363CE-BF5A-45F8-9B4F-5484620163F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66EB2593-9662-4068-8E00-3E387D5B9177}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A273BFCE-493E-4B99-84C4-74F5F8439C11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
15-03-2017 18:46:29 Nainstalováno: Microsoft Office FrontPage 2003
03-04-2017 14:51:19 Naplánovaný kontrolní bod
09-04-2017 10:21:51 JRT Pre-Junkware Removal
10-04-2017 10:10:32 zoek.exe restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2017 03:44:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 03:13:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SkypeHost.exe verze 10.1.2123.36 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.
ID procesu: 2abc
Čas spuštění: 01d2b436b1f90a18
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
ID hlášení: 34b807ed-202a-11e7-befd-b888e3c04e13
Úplný název balíčku s chybou: Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe
ID aplikace související s balíčkem s chybou: ppleae38af2e007f4358a809ac99a64a67c1
Error: (04/13/2017 11:16:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:00:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (04/13/2017 03:44:28 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:44:27 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
App.AppXtjcey7sh4wvcw7hy21b0nmp0bq18dyzd.mca
a APPID
Není k dispozici
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:29:44 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:01 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:59 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:59 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:58 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-03-11 11:11:33.926
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-07 14:48:37.520
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-03 08:47:44.301
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-27 17:43:34.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-23 13:55:41.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-03 10:28:53.892
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 18:55:38.687
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-16 09:20:29.166
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-13 09:12:13.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-06 13:35:24.849
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 62%
Total physical RAM: 3909.28 MB
Available physical RAM: 1465.95 MB
Total Virtual: 7237.28 MB
Available Virtual: 4333.61 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:678.7 GB) (Free:441.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C0C66E1F)
Partition: GPT.
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by koryt_000 (13-04-2017 15:45:12)
Running from C:\Users\koryt_000\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-02 16:59:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1560035657-911311260-1851593216-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1560035657-911311260-1851593216-503 - Limited - Disabled)
Guest (S-1-5-21-1560035657-911311260-1851593216-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1560035657-911311260-1851593216-1006 - Limited - Enabled)
koryt_000 (S-1-5-21-1560035657-911311260-1851593216-1002 - Administrator - Enabled) => C:\Users\koryt_000
Romca (S-1-5-21-1560035657-911311260-1851593216-1001 - Administrator - Enabled) => C:\Users\Romca
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
9 stop 2: Uzavřené oddělení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\9 stop 2: Uzavřené oddělení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.3 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVS Screen Capture version 1.1.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
EaseUS Partition Master 11.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Flash Memory Toolkit trial 2.01 (HKLM-x32\...\Flash Memory Toolkit trial_is1) (Version: - EFD Software)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.22.3 - Androxyde)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Packard Bell)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1560035657-911311260-1851593216-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 49.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 49.0.2 (x64 cs)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Tajemný park: Poslední představení (HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Tajemný park: Poslední představení) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1560035657-911311260-1851593216-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E68C2D0-CB0A-45F9-8C9B-0074EF712B2A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {7DC8D2CE-D479-47B1-ABC8-6EC7E10E0DB3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2016-07-06] ()
Task: {C7C492B4-2970-4B8B-995B-D04664BA80C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-07] (Piriform Ltd)
Task: {CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {FE1E1DF0-65D0-4F44-9FE4-5BD7D92B4BE2} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2016-07-06] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file that the task runs will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\koryt_000\Favorites\Packard Bell.lnk -> hxxp://www.packardbell.com
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 09:17 - 2015-10-30 09:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 06:53 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 06:53 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-01 18:57 - 2017-02-03 23:25 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-03-02 18:12 - 2016-03-02 18:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 06:57 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 06:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 06:53 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 06:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 06:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-09 05:09 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-04-19 07:57 - 2016-04-19 07:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-28 10:51 - 2017-02-28 10:51 - 01937376 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-09 05:10 - 2016-03-16 09:24 - 00877056 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\platforms\qwindows.dll
2016-10-09 05:09 - 2016-08-30 09:01 - 00307904 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\GarbageGather.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00118464 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FHProcess.dll
2016-10-09 05:09 - 2016-06-24 01:00 - 00014336 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\fsclog.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00174784 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\BigFileGather.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00088256 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EnumVolumes.dll
2016-10-09 05:09 - 2016-08-26 01:20 - 00224960 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\FragAnalysis.dll
2016-10-09 05:10 - 2016-03-25 01:00 - 00024064 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qico.dll
2016-10-09 05:10 - 2016-03-25 01:00 - 00023552 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\imageformats\qgif.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\traynet.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\libcurl.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\zlib1.dll
2016-10-09 05:09 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\uexper.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00098816 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32api.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00110080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pywintypes27.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00364544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pythoncom27.dll
2017-04-10 10:41 - 2017-04-10 10:41 - 00320512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32com.shell.shell.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00914432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_hashlib.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01176576 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._core_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00806400 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._gdi_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00816128 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._windows_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01067008 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._controls_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00733184 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._misc_.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00682496 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pysqlite2._sqlite.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_ctypes.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00686080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\unicodedata.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00119808 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32file.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00108544 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32security.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00007168 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\hashobjs_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00017920 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\thumbnails_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00088064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\usb_ext.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00012800 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\common.time34.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00018432 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32event.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00167936 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32gui.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00046080 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_socket.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 01303552 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_ssl.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00128512 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_elementtree.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00127488 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\pyexpat.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00038912 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32inet.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00036864 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_psutil_windows.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00524248 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\windows._lib_cacheinvalidation.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00011264 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32crypt.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00123392 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._wizard.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00077312 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._html2.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00027648 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_multiprocessing.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00020480 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\_yappi.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00035840 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32process.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00078848 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\wx._animate.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00024064 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32pipe.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00010240 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\select.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00025600 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32pdh.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00017408 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32profile.pyd
2017-04-10 10:41 - 2017-04-10 10:41 - 00022528 ____R () C:\Users\koryt_000\AppData\Local\Temp\_MEI59082\win32ts.pyd
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-09-05 21:18 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-04-04 06:33 - 2017-03-29 04:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 06:33 - 2017-03-29 04:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2016-04-19 07:57 - 2016-04-19 07:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:57 - 2016-04-19 07:58 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed, a Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2017-04-10 10:11 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Romca\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f9bdcdd3-64f7-40d7-aa12-54ccfb601baf}.jpg
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\koryt_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\plocha.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{524109DF-12E2-4562-93DF-5C4EA37A7C24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{04A83471-9373-440E-A09C-D73FA30A98A0}] => (Allow) C:\Users\koryt_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{E65C53D0-94D4-4801-A4A6-304953382D28}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{EB0E3A41-FE11-4998-920A-56F1731B46B5}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{2412E68A-2CDC-41D8-8472-9EBD9DB48645}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{BA132AFF-B34E-41CD-AF27-404E44F06376}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0E7BD844-6354-4F17-A3F4-C8041392A462}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{68B4754B-1FFA-4345-9DB4-28C45745D8C4}C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\koryt_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C4DCA82E-A1BF-41EE-8896-D683871B1762}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{FF907DC5-880C-453D-9F0E-FD03F494DF83}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{3D5485F5-DDA7-4738-8617-E33CA7CEBB36}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{427E6102-1BEF-49B7-91DA-37431A25781E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{256C8DCC-0595-4E44-8150-3CF74AB92030}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{EBC34346-0D5D-4F23-BCBE-42A7FCD32004}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{83C8F9CC-3C96-436C-AC1C-D71BBFE20F9E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [TCP Query User{76910FD8-38D1-408D-B1A1-358351954E4E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{66B7CE8C-AE3A-4FD8-B8B8-F730021CD8CE}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{6AF572E4-B30B-44BB-82FD-A27E1CBF3616}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\Ward.exe
FirewallRules: [{093B37B2-E14E-467E-A77C-82735B8503B7}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\9 Clues The Ward\F2PHttpDaemon.exe
FirewallRules: [{939C9820-FD20-4FB2-99DB-ADCE0B3E0116}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE878802-1438-4FF8-A925-FE6CD843EC52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFD393E9-B0B7-495B-9C12-2011FD06F7B1}] => (Allow) C:\Program Files (x86)\Alawarhry.cz\Weird Park The Final Show\F2PHttpDaemon.exe
FirewallRules: [{1F8565E0-011C-408B-86F6-EB742F5EC3BD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{056227FF-126D-4101-B414-3ED110559F37}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1DACE105-4BEC-48C5-AC8A-B9FCD08E6961}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{054604BD-8953-4368-943B-142D8F80C115}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{EA860053-EC3C-42C3-9E7A-B53F4964DA89}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{1A11F6D9-BA30-48EA-B9A0-C0FEC76ACDF8}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{48722900-A37A-49EA-9878-5C7578E069E5}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{181ED406-7073-47E5-9056-7D23F1F40455}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{627387E2-958F-4902-97E9-BBAC005CE252}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F6C5C424-CE11-4C4B-87CE-EF57968381A4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2404E4AD-C293-473F-B972-146504C9428D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5957A553-43A5-4373-99ED-085E3F34D3A2}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{39081852-36F0-45C2-B244-485C443982B0}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{0B28CBF9-4FD1-43F9-A855-3A745F22BA8C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{68F989E1-32D8-4D8A-A0D8-61D8F3148805}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5E22F8EB-CE91-40FA-8335-BC34213A936D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BEA6D7B7-C762-4F7D-973F-17F3752CEB0F}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{238DF0C9-4D9A-49D4-9A9E-AA17CAA2B577}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F7CBED1C-A2B6-4F11-A607-56D84EEE99B1}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{AAB5E19F-11B0-4F2F-A70F-CF4DD32628ED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8651379-CF94-41FA-90F5-0B34C9CD6637}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1D8A3ABE-1D47-44F6-848A-AE4D51D6FC6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C65363CE-BF5A-45F8-9B4F-5484620163F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66EB2593-9662-4068-8E00-3E387D5B9177}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A273BFCE-493E-4B99-84C4-74F5F8439C11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
15-03-2017 18:46:29 Nainstalováno: Microsoft Office FrontPage 2003
03-04-2017 14:51:19 Naplánovaný kontrolní bod
09-04-2017 10:21:51 JRT Pre-Junkware Removal
10-04-2017 10:10:32 zoek.exe restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2017 03:44:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 03:13:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 12:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROMCA-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:19:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SkypeHost.exe verze 10.1.2123.36 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.
ID procesu: 2abc
Čas spuštění: 01d2b436b1f90a18
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
ID hlášení: 34b807ed-202a-11e7-befd-b888e3c04e13
Úplný název balíčku s chybou: Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe
ID aplikace související s balíčkem s chybou: ppleae38af2e007f4358a809ac99a64a67c1
Error: (04/13/2017 11:16:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (04/13/2017 11:00:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Romca-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147024891. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (04/13/2017 03:44:28 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:44:27 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
App.AppXtjcey7sh4wvcw7hy21b0nmp0bq18dyzd.mca
a APPID
Není k dispozici
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:29:44 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:01 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:24:00 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:59 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:59 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (04/13/2017 03:23:58 PM) (Source: DCOM) (EventID: 10016) (User: Romca-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Romca-PC\Romca (SID: S-1-5-21-1560035657-911311260-1851593216-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
CodeIntegrity:
===================================
Date: 2017-03-11 11:11:33.926
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-07 14:48:37.520
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-03 08:47:44.301
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-27 17:43:34.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-23 13:55:41.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-03 10:28:53.892
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 18:55:38.687
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-16 09:20:29.166
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-13 09:12:13.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-06 13:35:24.849
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 62%
Total physical RAM: 3909.28 MB
Available physical RAM: 1465.95 MB
Total Virtual: 7237.28 MB
Available Virtual: 4333.61 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:678.7 GB) (Free:441.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C0C66E1F)
Partition: GPT.
==================== End of Addition.txt ============================
Re: Vyskakující okna IE
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by koryt_000 (administrator) on ROMCA-PC (13-04-2017 15:43:59)
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: Romca & koryt_000 (Available Profiles: Romca & koryt_000)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
(CHENGDU Yiwo Tech Development Co., Ltd.) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\koryt_000\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [2090176 2016-08-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27774944 2017-03-21] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ce22edf9-f1bf-45c9-8c78-e709c167df74}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e90c8d31-48f9-4616-9d3d-6de6ad9ac1c4}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1001 -> {0B0895E0-84C5-4347-B38E-4723121138BD} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: j0o9z1im.default
FF ProfilePath: C:\Users\koryt_000\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default [2017-04-10]
FF NewTab: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:home
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Prezentace Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-10]
CHR Extension: (Dokumenty Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-10]
CHR Extension: (Disk Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-10]
CHR Extension: (YouTube) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-10]
CHR Extension: (Osmička) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2017-04-10]
CHR Extension: (Kalendář Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-04-10]
CHR Extension: (Tabulky Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-10]
CHR Extension: (Gmail) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KORYT_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-09-11]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-05] (Dritek System INC.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2017-01-01] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 MpKsl96a45cca; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B6E341D-920E-45FF-8C25-6CC95CFD1F70}\MpKsl96a45cca.sys [44928 2017-04-13] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-05] (Dritek System Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-01] (Zemana Ltd.)
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 15:43 - 2017-04-13 15:44 - 00021434 _____ C:\Users\koryt_000\Desktop\FRST.txt
2017-04-13 15:43 - 2017-04-13 15:43 - 02424832 _____ (Farbar) C:\Users\koryt_000\Desktop\FRST64 (1).exe
2017-04-13 15:42 - 2017-04-13 15:43 - 02424832 _____ (Farbar) C:\Users\koryt_000\Downloads\FRST64 (1).exe
2017-04-11 05:38 - 2017-04-11 05:38 - 00000000 ____D C:\Users\koryt_000\AppData\Local\NetworkTiles
2017-04-10 14:30 - 2017-04-10 14:30 - 00000000 ____D C:\Users\Romca\AppData\Local\NetworkTiles
2017-04-10 11:24 - 2017-04-10 11:24 - 00000000 ____D C:\Users\Romca\AppData\Local\ActiveSync
2017-04-10 10:43 - 2017-04-10 10:43 - 00000000 ____D C:\Users\koryt_000\AppData\Local\ActiveSync
2017-04-10 10:37 - 2017-04-10 10:07 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-04-10 10:07 - 2017-04-10 10:35 - 00000000 ____D C:\zoek_backup
2017-04-10 10:07 - 2017-04-10 10:07 - 01309184 _____ C:\Users\koryt_000\Downloads\zoek.exe
2017-04-10 10:07 - 2017-04-10 10:07 - 01309184 _____ C:\Users\koryt_000\Downloads\zoek (1).exe
2017-04-09 15:45 - 2017-04-09 15:45 - 00000080 _____ C:\Users\Romca\Desktop\frd - zástupce.lnk
2017-04-09 10:53 - 2017-04-09 10:55 - 00000080 _____ C:\Users\koryt_000\Desktop\frd - zástupce.lnk
2017-04-09 10:52 - 2017-04-09 10:52 - 00111381 _____ C:\MAL.txt
2017-04-09 10:20 - 2017-04-09 10:21 - 01663904 _____ (Malwarebytes) C:\Users\koryt_000\Downloads\JRT.exe
2017-04-08 18:17 - 2017-04-09 10:13 - 00000000 ____D C:\AdwCleaner
2017-04-08 18:15 - 2017-04-08 18:17 - 04089296 _____ C:\Users\koryt_000\Downloads\AdwCleaner.exe
2017-04-08 17:55 - 2017-04-08 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\koryt_000\Downloads\TFC.exe
2017-04-08 17:52 - 2017-04-08 17:53 - 00050688 _____ (Atribune.org) C:\Users\koryt_000\Downloads\ATF-Cleaner (1).exe
2017-04-08 08:46 - 2017-04-08 08:46 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-04-05 21:59 - 2017-04-05 21:59 - 00000000 ___HD C:\OneDriveTemp
2017-03-30 14:15 - 2017-03-30 14:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\koryt_000\Downloads\hijackthis.exe
2017-03-26 17:05 - 2017-03-26 17:05 - 01857677 _____ C:\Users\koryt_000\Documents\Paprikáš 24.3.pdf
2017-03-26 15:35 - 2017-03-26 15:36 - 12372472 _____ C:\Users\koryt_000\Downloads\PDFsam_Basic_Installer.exe
2017-03-26 14:48 - 2017-03-26 14:48 - 00000000 ____D C:\Player Data
2017-03-24 15:29 - 2017-03-24 15:29 - 00001493 _____ C:\Users\koryt_000\AppData\Local\recently-used.xbel
2017-03-16 07:58 - 2017-03-16 07:59 - 00252160 _____ (Facebook) C:\Users\Romca\Downloads\FacebookGameroom.exe
2017-03-15 20:05 - 2017-03-16 16:59 - 00000000 ____D C:\Users\koryt_000\Documents\Heli
2017-03-15 19:29 - 2017-03-15 19:29 - 00007272 _____ C:\Users\koryt_000\Downloads\form.zip
2017-03-15 18:50 - 2017-03-16 16:38 - 00000000 ___SD C:\Users\koryt_000\Documents\Weby
2017-03-15 18:32 - 2017-03-15 18:41 - 157169526 _____ C:\Users\koryt_000\Downloads\MS-Frontpage-2003.rar
2017-03-15 18:28 - 2017-03-15 18:28 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-15 18:20 - 2017-03-15 18:43 - 00000000 ____D C:\Users\koryt_000\Desktop\Frontpage
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 15:44 - 2016-12-01 18:57 - 00490964 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-13 15:44 - 2016-12-01 18:57 - 00464001 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-13 15:43 - 2016-12-03 13:09 - 00000000 ____D C:\FRST
2017-04-13 15:42 - 2016-08-27 20:58 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\Skype
2017-04-13 15:37 - 2016-12-02 18:07 - 00000000 ____D C:\Users\koryt_000\Downloads\backups
2017-04-13 12:48 - 2017-02-26 20:40 - 00004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1B56FC91-F171-4238-81E4-AC7CBC601CA0}
2017-04-13 12:48 - 2016-03-06 17:57 - 00004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{40FB7EFB-4BFB-4E50-A366-AF4267F8087C}
2017-04-13 06:00 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-13 05:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-12 20:34 - 2016-10-01 08:26 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-04-12 20:34 - 2016-10-01 08:26 - 00001040 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2017-04-12 20:34 - 2016-03-06 17:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-12 11:42 - 2016-12-16 06:35 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 11:42 - 2016-12-16 06:35 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 10:47 - 2016-03-02 18:39 - 00000000 ____D C:\Users\koryt_000
2017-04-10 10:45 - 2016-03-02 18:52 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-10 10:45 - 2015-10-30 20:31 - 00751272 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-10 10:45 - 2015-10-30 20:31 - 00150860 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-10 10:45 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-10 10:42 - 2016-09-11 08:21 - 00000000 ___RD C:\Users\koryt_000\Disk Google
2017-04-10 10:42 - 2016-02-26 17:54 - 00000000 ___RD C:\Users\koryt_000\OneDrive
2017-04-10 10:38 - 2016-03-02 18:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-10 10:38 - 2015-10-30 08:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2017-04-10 10:34 - 2016-11-24 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-04-10 10:34 - 2016-11-24 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-04-10 09:41 - 2016-02-21 19:12 - 00002260 ____H C:\Users\koryt_000\Documents\Default.rdp
2017-04-09 15:46 - 2016-11-04 16:42 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2017-04-09 15:46 - 2016-10-28 19:01 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-04-09 15:46 - 2016-07-31 16:15 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2017-04-09 15:46 - 2016-07-24 16:18 - 00001290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-04-09 15:46 - 2016-06-30 07:41 - 00000897 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-09 15:46 - 2016-06-04 13:53 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-04-09 15:46 - 2016-04-17 17:30 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-09 15:46 - 2016-03-02 18:45 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-09 15:46 - 2016-02-23 16:50 - 00000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-04-09 15:46 - 2012-09-05 21:40 - 00001737 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard bell User's Manual.lnk
2017-04-09 15:46 - 2012-09-05 21:40 - 00001723 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard bell Quick Guide.lnk
2017-04-09 15:45 - 2017-02-24 22:07 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-09 15:45 - 2017-02-03 23:25 - 00001157 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-04-09 15:45 - 2017-02-02 17:26 - 00000933 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2017-04-09 15:45 - 2017-01-24 17:23 - 00000897 _____ C:\Users\Public\Desktop\PDF Architect 4.lnk
2017-04-09 15:45 - 2016-11-24 19:04 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-09 15:45 - 2016-11-20 08:40 - 00000919 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-09 15:45 - 2016-11-04 16:42 - 00001402 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2017-04-09 15:45 - 2016-10-31 17:10 - 00001161 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-04-09 15:45 - 2016-10-28 19:01 - 00001226 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-04-09 15:45 - 2016-10-09 05:10 - 00001473 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.8.lnk
2017-04-09 15:45 - 2016-07-24 16:18 - 00001278 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-04-09 15:45 - 2016-03-03 20:25 - 00001151 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-04-09 15:45 - 2016-03-02 19:11 - 00002437 _____ C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-09 15:45 - 2016-02-22 19:55 - 00000658 _____ C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2017-04-09 13:53 - 2016-04-26 17:10 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-04-09 10:56 - 2016-03-09 19:58 - 00000972 _____ C:\Users\koryt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-04-09 10:56 - 2016-02-21 20:44 - 00002449 _____ C:\Users\koryt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-09 10:55 - 2017-01-24 16:28 - 00000832 _____ C:\Users\koryt_000\Desktop\Dokumenty.lnk
2017-04-09 10:55 - 2017-01-23 18:27 - 00001148 _____ C:\Users\koryt_000\Desktop\Format Factory.lnk
2017-04-09 10:55 - 2016-08-18 16:42 - 00000924 _____ C:\Users\koryt_000\Desktop\Start Tor Browser.lnk
2017-04-09 10:55 - 2016-08-03 17:58 - 00001594 _____ C:\Users\koryt_000\Desktop\Mozilla Firefox.lnk
2017-04-09 10:55 - 2016-07-30 13:02 - 00001601 _____ C:\Users\koryt_000\Desktop\Microsoft Edge.lnk
2017-04-09 10:55 - 2016-07-04 16:22 - 00001442 _____ C:\Users\koryt_000\Desktop\Tajemný park Poslední představení.lnk
2017-04-09 10:55 - 2016-06-04 09:11 - 00000960 _____ C:\Users\koryt_000\Desktop\XnView.lnk
2017-04-09 10:55 - 2016-06-01 17:59 - 00001285 _____ C:\Users\koryt_000\Desktop\9 stop 2 Uzavřené oddělení.lnk
2017-04-09 10:55 - 2016-04-17 16:34 - 00001286 _____ C:\Users\koryt_000\Desktop\AVS Video Editor.lnk
2017-04-09 10:55 - 2016-02-22 21:14 - 00002095 _____ C:\Users\koryt_000\Desktop\Helifood.lnk
2017-04-09 10:52 - 2016-11-04 16:42 - 00000000 ____D C:\ProgramData\Ashampoo
2017-04-09 10:52 - 2016-03-29 20:06 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2017-04-09 10:27 - 2016-08-21 20:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-09 10:23 - 2016-04-26 19:03 - 00000000 ____D C:\Users\koryt_000\AppData\Local\CrashDumps
2017-04-09 10:20 - 2017-01-24 20:39 - 00009742 _____ C:\Users\koryt_000\rgmnr
2017-04-08 17:57 - 2016-12-11 13:39 - 00000000 ____D C:\Users\Romca\AppData\Local\CrashDumps
2017-04-08 17:54 - 2016-12-01 20:31 - 00000000 ____D C:\Users\Romca\AppData\Local\Adobe
2017-04-08 12:41 - 2016-03-29 20:07 - 00000000 ____D C:\FFOutput
2017-04-08 00:06 - 2016-02-19 10:30 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-05 10:52 - 2017-01-24 21:25 - 00011716 _____ C:\Users\Romca\rgmnr
2017-04-05 10:44 - 2016-03-02 18:39 - 00000000 ____D C:\Users\Romca
2017-04-05 10:27 - 2017-03-10 20:11 - 00000000 ____D C:\Users\Romca\Downloads\FRD
2017-04-03 13:55 - 2017-03-06 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-03 13:55 - 2017-02-24 22:07 - 00000000 ____D C:\ProgramData\Skype
2017-04-03 03:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-26 17:40 - 2016-03-03 20:25 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\vlc
2017-03-26 17:03 - 2017-03-06 18:57 - 00000000 ____D C:\Users\koryt_000\Desktop\Branntag
2017-03-26 06:54 - 2016-09-11 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-25 09:23 - 2016-02-23 16:52 - 00000000 ____D C:\Users\koryt_000\AppData\Local\gtk-2.0
2017-03-25 09:23 - 2016-02-23 16:50 - 00000000 ____D C:\Users\koryt_000\.gimp-2.8
2017-03-21 15:16 - 2016-03-02 16:34 - 00000000 ____D C:\Users\koryt_000\Downloads\FRD stažený
2017-03-15 18:48 - 2016-07-31 13:18 - 00000384 _____ C:\WINDOWS\ODBC.INI
2017-03-15 18:48 - 2016-02-22 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-15 18:47 - 2016-02-22 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-15 18:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\System
2017-03-15 18:28 - 2016-02-19 05:23 - 00309687 ____N C:\WINDOWS\Minidump\031517-23734-01.dmp
==================== Files in the root of some directories =======
2016-03-03 18:35 - 2016-03-03 18:35 - 0099384 _____ () C:\Users\koryt_000\AppData\Roaming\inst.exe
2016-03-03 18:35 - 2016-03-03 18:35 - 0007859 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.cat
2016-03-03 18:35 - 2016-03-03 18:35 - 0001167 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.inf
2016-03-03 18:35 - 2016-03-03 18:35 - 0000055 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.log
2016-03-03 18:35 - 2016-03-03 18:35 - 0082816 _____ (VSO Software) C:\Users\koryt_000\AppData\Roaming\pcouffin.sys
2017-03-24 15:29 - 2017-03-24 15:29 - 0001493 _____ () C:\Users\koryt_000\AppData\Local\recently-used.xbel
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-04 23:28
==================== End of FRST.txt ============================
Jinak u druhého uživatele už vše běhá rychle a bez problémů.
Ran by koryt_000 (administrator) on ROMCA-PC (13-04-2017 15:43:59)
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: Romca & koryt_000 (Available Profiles: Romca & koryt_000)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
(CHENGDU Yiwo Tech Development Co., Ltd.) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\koryt_000\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [2090176 2016-08-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27774944 2017-03-21] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ce22edf9-f1bf-45c9-8c78-e709c167df74}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e90c8d31-48f9-4616-9d3d-6de6ad9ac1c4}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1001 -> {0B0895E0-84C5-4347-B38E-4723121138BD} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: j0o9z1im.default
FF ProfilePath: C:\Users\koryt_000\AppData\Roaming\Mozilla\Firefox\Profiles\j0o9z1im.default [2017-04-10]
FF NewTab: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\j0o9z1im.default -> about:home
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Prezentace Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-10]
CHR Extension: (Dokumenty Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-10]
CHR Extension: (Disk Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-10]
CHR Extension: (YouTube) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-10]
CHR Extension: (Osmička) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2017-04-10]
CHR Extension: (Kalendář Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-04-10]
CHR Extension: (Tabulky Google) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-10]
CHR Extension: (Gmail) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\koryt_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KORYT_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-09-11]
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-05] (Dritek System INC.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2017-01-01] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 MpKsl96a45cca; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B6E341D-920E-45FF-8C25-6CC95CFD1F70}\MpKsl96a45cca.sys [44928 2017-04-13] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-05] (Dritek System Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-01] (Zemana Ltd.)
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 15:43 - 2017-04-13 15:44 - 00021434 _____ C:\Users\koryt_000\Desktop\FRST.txt
2017-04-13 15:43 - 2017-04-13 15:43 - 02424832 _____ (Farbar) C:\Users\koryt_000\Desktop\FRST64 (1).exe
2017-04-13 15:42 - 2017-04-13 15:43 - 02424832 _____ (Farbar) C:\Users\koryt_000\Downloads\FRST64 (1).exe
2017-04-11 05:38 - 2017-04-11 05:38 - 00000000 ____D C:\Users\koryt_000\AppData\Local\NetworkTiles
2017-04-10 14:30 - 2017-04-10 14:30 - 00000000 ____D C:\Users\Romca\AppData\Local\NetworkTiles
2017-04-10 11:24 - 2017-04-10 11:24 - 00000000 ____D C:\Users\Romca\AppData\Local\ActiveSync
2017-04-10 10:43 - 2017-04-10 10:43 - 00000000 ____D C:\Users\koryt_000\AppData\Local\ActiveSync
2017-04-10 10:37 - 2017-04-10 10:07 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-04-10 10:07 - 2017-04-10 10:35 - 00000000 ____D C:\zoek_backup
2017-04-10 10:07 - 2017-04-10 10:07 - 01309184 _____ C:\Users\koryt_000\Downloads\zoek.exe
2017-04-10 10:07 - 2017-04-10 10:07 - 01309184 _____ C:\Users\koryt_000\Downloads\zoek (1).exe
2017-04-09 15:45 - 2017-04-09 15:45 - 00000080 _____ C:\Users\Romca\Desktop\frd - zástupce.lnk
2017-04-09 10:53 - 2017-04-09 10:55 - 00000080 _____ C:\Users\koryt_000\Desktop\frd - zástupce.lnk
2017-04-09 10:52 - 2017-04-09 10:52 - 00111381 _____ C:\MAL.txt
2017-04-09 10:20 - 2017-04-09 10:21 - 01663904 _____ (Malwarebytes) C:\Users\koryt_000\Downloads\JRT.exe
2017-04-08 18:17 - 2017-04-09 10:13 - 00000000 ____D C:\AdwCleaner
2017-04-08 18:15 - 2017-04-08 18:17 - 04089296 _____ C:\Users\koryt_000\Downloads\AdwCleaner.exe
2017-04-08 17:55 - 2017-04-08 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\koryt_000\Downloads\TFC.exe
2017-04-08 17:52 - 2017-04-08 17:53 - 00050688 _____ (Atribune.org) C:\Users\koryt_000\Downloads\ATF-Cleaner (1).exe
2017-04-08 08:46 - 2017-04-08 08:46 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-04-05 21:59 - 2017-04-05 21:59 - 00000000 ___HD C:\OneDriveTemp
2017-03-30 14:15 - 2017-03-30 14:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\koryt_000\Downloads\hijackthis.exe
2017-03-26 17:05 - 2017-03-26 17:05 - 01857677 _____ C:\Users\koryt_000\Documents\Paprikáš 24.3.pdf
2017-03-26 15:35 - 2017-03-26 15:36 - 12372472 _____ C:\Users\koryt_000\Downloads\PDFsam_Basic_Installer.exe
2017-03-26 14:48 - 2017-03-26 14:48 - 00000000 ____D C:\Player Data
2017-03-24 15:29 - 2017-03-24 15:29 - 00001493 _____ C:\Users\koryt_000\AppData\Local\recently-used.xbel
2017-03-16 07:58 - 2017-03-16 07:59 - 00252160 _____ (Facebook) C:\Users\Romca\Downloads\FacebookGameroom.exe
2017-03-15 20:05 - 2017-03-16 16:59 - 00000000 ____D C:\Users\koryt_000\Documents\Heli
2017-03-15 19:29 - 2017-03-15 19:29 - 00007272 _____ C:\Users\koryt_000\Downloads\form.zip
2017-03-15 18:50 - 2017-03-16 16:38 - 00000000 ___SD C:\Users\koryt_000\Documents\Weby
2017-03-15 18:32 - 2017-03-15 18:41 - 157169526 _____ C:\Users\koryt_000\Downloads\MS-Frontpage-2003.rar
2017-03-15 18:28 - 2017-03-15 18:28 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-15 18:20 - 2017-03-15 18:43 - 00000000 ____D C:\Users\koryt_000\Desktop\Frontpage
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 15:44 - 2016-12-01 18:57 - 00490964 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-13 15:44 - 2016-12-01 18:57 - 00464001 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-13 15:43 - 2016-12-03 13:09 - 00000000 ____D C:\FRST
2017-04-13 15:42 - 2016-08-27 20:58 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\Skype
2017-04-13 15:37 - 2016-12-02 18:07 - 00000000 ____D C:\Users\koryt_000\Downloads\backups
2017-04-13 12:48 - 2017-02-26 20:40 - 00004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1B56FC91-F171-4238-81E4-AC7CBC601CA0}
2017-04-13 12:48 - 2016-03-06 17:57 - 00004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{40FB7EFB-4BFB-4E50-A366-AF4267F8087C}
2017-04-13 06:00 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-13 05:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-12 20:34 - 2016-10-01 08:26 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-04-12 20:34 - 2016-10-01 08:26 - 00001040 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2017-04-12 20:34 - 2016-03-06 17:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-12 11:42 - 2016-12-16 06:35 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 11:42 - 2016-12-16 06:35 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 10:47 - 2016-03-02 18:39 - 00000000 ____D C:\Users\koryt_000
2017-04-10 10:45 - 2016-03-02 18:52 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-10 10:45 - 2015-10-30 20:31 - 00751272 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-10 10:45 - 2015-10-30 20:31 - 00150860 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-10 10:45 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2017-04-10 10:42 - 2016-09-11 08:21 - 00000000 ___RD C:\Users\koryt_000\Disk Google
2017-04-10 10:42 - 2016-02-26 17:54 - 00000000 ___RD C:\Users\koryt_000\OneDrive
2017-04-10 10:38 - 2016-03-02 18:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-10 10:38 - 2015-10-30 08:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2017-04-10 10:34 - 2016-11-24 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-04-10 10:34 - 2016-11-24 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-04-10 09:41 - 2016-02-21 19:12 - 00002260 ____H C:\Users\koryt_000\Documents\Default.rdp
2017-04-09 15:46 - 2016-11-04 16:42 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2017-04-09 15:46 - 2016-10-28 19:01 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-04-09 15:46 - 2016-07-31 16:15 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2017-04-09 15:46 - 2016-07-24 16:18 - 00001290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-04-09 15:46 - 2016-06-30 07:41 - 00000897 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-09 15:46 - 2016-06-04 13:53 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-04-09 15:46 - 2016-04-17 17:30 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-09 15:46 - 2016-03-02 18:45 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-09 15:46 - 2016-02-23 16:50 - 00000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-04-09 15:46 - 2012-09-05 21:40 - 00001737 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard bell User's Manual.lnk
2017-04-09 15:46 - 2012-09-05 21:40 - 00001723 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard bell Quick Guide.lnk
2017-04-09 15:45 - 2017-02-24 22:07 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-09 15:45 - 2017-02-03 23:25 - 00001157 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-04-09 15:45 - 2017-02-02 17:26 - 00000933 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2017-04-09 15:45 - 2017-01-24 17:23 - 00000897 _____ C:\Users\Public\Desktop\PDF Architect 4.lnk
2017-04-09 15:45 - 2016-11-24 19:04 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-04-09 15:45 - 2016-11-20 08:40 - 00000919 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-09 15:45 - 2016-11-04 16:42 - 00001402 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2017-04-09 15:45 - 2016-10-31 17:10 - 00001161 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-04-09 15:45 - 2016-10-28 19:01 - 00001226 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-04-09 15:45 - 2016-10-09 05:10 - 00001473 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.8.lnk
2017-04-09 15:45 - 2016-07-24 16:18 - 00001278 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-04-09 15:45 - 2016-03-03 20:25 - 00001151 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-04-09 15:45 - 2016-03-02 19:11 - 00002437 _____ C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-09 15:45 - 2016-02-22 19:55 - 00000658 _____ C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2017-04-09 13:53 - 2016-04-26 17:10 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-04-09 10:56 - 2016-03-09 19:58 - 00000972 _____ C:\Users\koryt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-04-09 10:56 - 2016-02-21 20:44 - 00002449 _____ C:\Users\koryt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-09 10:55 - 2017-01-24 16:28 - 00000832 _____ C:\Users\koryt_000\Desktop\Dokumenty.lnk
2017-04-09 10:55 - 2017-01-23 18:27 - 00001148 _____ C:\Users\koryt_000\Desktop\Format Factory.lnk
2017-04-09 10:55 - 2016-08-18 16:42 - 00000924 _____ C:\Users\koryt_000\Desktop\Start Tor Browser.lnk
2017-04-09 10:55 - 2016-08-03 17:58 - 00001594 _____ C:\Users\koryt_000\Desktop\Mozilla Firefox.lnk
2017-04-09 10:55 - 2016-07-30 13:02 - 00001601 _____ C:\Users\koryt_000\Desktop\Microsoft Edge.lnk
2017-04-09 10:55 - 2016-07-04 16:22 - 00001442 _____ C:\Users\koryt_000\Desktop\Tajemný park Poslední představení.lnk
2017-04-09 10:55 - 2016-06-04 09:11 - 00000960 _____ C:\Users\koryt_000\Desktop\XnView.lnk
2017-04-09 10:55 - 2016-06-01 17:59 - 00001285 _____ C:\Users\koryt_000\Desktop\9 stop 2 Uzavřené oddělení.lnk
2017-04-09 10:55 - 2016-04-17 16:34 - 00001286 _____ C:\Users\koryt_000\Desktop\AVS Video Editor.lnk
2017-04-09 10:55 - 2016-02-22 21:14 - 00002095 _____ C:\Users\koryt_000\Desktop\Helifood.lnk
2017-04-09 10:52 - 2016-11-04 16:42 - 00000000 ____D C:\ProgramData\Ashampoo
2017-04-09 10:52 - 2016-03-29 20:06 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2017-04-09 10:27 - 2016-08-21 20:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-09 10:23 - 2016-04-26 19:03 - 00000000 ____D C:\Users\koryt_000\AppData\Local\CrashDumps
2017-04-09 10:20 - 2017-01-24 20:39 - 00009742 _____ C:\Users\koryt_000\rgmnr
2017-04-08 17:57 - 2016-12-11 13:39 - 00000000 ____D C:\Users\Romca\AppData\Local\CrashDumps
2017-04-08 17:54 - 2016-12-01 20:31 - 00000000 ____D C:\Users\Romca\AppData\Local\Adobe
2017-04-08 12:41 - 2016-03-29 20:07 - 00000000 ____D C:\FFOutput
2017-04-08 00:06 - 2016-02-19 10:30 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-05 10:52 - 2017-01-24 21:25 - 00011716 _____ C:\Users\Romca\rgmnr
2017-04-05 10:44 - 2016-03-02 18:39 - 00000000 ____D C:\Users\Romca
2017-04-05 10:27 - 2017-03-10 20:11 - 00000000 ____D C:\Users\Romca\Downloads\FRD
2017-04-03 13:55 - 2017-03-06 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-03 13:55 - 2017-02-24 22:07 - 00000000 ____D C:\ProgramData\Skype
2017-04-03 03:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-26 17:40 - 2016-03-03 20:25 - 00000000 ____D C:\Users\koryt_000\AppData\Roaming\vlc
2017-03-26 17:03 - 2017-03-06 18:57 - 00000000 ____D C:\Users\koryt_000\Desktop\Branntag
2017-03-26 06:54 - 2016-09-11 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-25 09:23 - 2016-02-23 16:52 - 00000000 ____D C:\Users\koryt_000\AppData\Local\gtk-2.0
2017-03-25 09:23 - 2016-02-23 16:50 - 00000000 ____D C:\Users\koryt_000\.gimp-2.8
2017-03-21 15:16 - 2016-03-02 16:34 - 00000000 ____D C:\Users\koryt_000\Downloads\FRD stažený
2017-03-15 18:48 - 2016-07-31 13:18 - 00000384 _____ C:\WINDOWS\ODBC.INI
2017-03-15 18:48 - 2016-02-22 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-15 18:47 - 2016-02-22 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-15 18:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\System
2017-03-15 18:28 - 2016-02-19 05:23 - 00309687 ____N C:\WINDOWS\Minidump\031517-23734-01.dmp
==================== Files in the root of some directories =======
2016-03-03 18:35 - 2016-03-03 18:35 - 0099384 _____ () C:\Users\koryt_000\AppData\Roaming\inst.exe
2016-03-03 18:35 - 2016-03-03 18:35 - 0007859 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.cat
2016-03-03 18:35 - 2016-03-03 18:35 - 0001167 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.inf
2016-03-03 18:35 - 2016-03-03 18:35 - 0000055 _____ () C:\Users\koryt_000\AppData\Roaming\pcouffin.log
2016-03-03 18:35 - 2016-03-03 18:35 - 0082816 _____ (VSO Software) C:\Users\koryt_000\AppData\Roaming\pcouffin.sys
2017-03-24 15:29 - 2017-03-24 15:29 - 0001493 _____ () C:\Users\koryt_000\AppData\Local\recently-used.xbel
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-04 23:28
==================== End of FRST.txt ============================
Jinak u druhého uživatele už vše běhá rychle a bez problémů.
- jaro3
- člen Security týmu
Re: Vyskakující okna IE
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
(Můžeš použít funkci „Vybrat vše“, pak klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „Vložit“.)
Ulož jej na plochu jako fixlist.txt.
Spusť FRST, stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vytvoří na ploše log (Fixlog.txt); prosím zkopíruj sem celý jeho obsah.
Pak napiš, co problémy; možná bude ještě nutno smazat moduly od _MEI59082 v OTL.
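Otevři poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže. Tento fixlist je sestaven jen pro tento počítač podle výše uvedeného logu; na jiném systému ho nepoužívej.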
Start
CloseProcesses:
Task: {CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
C:\Users\koryt_000\AppData\Local\Temp\_MEI59082
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1001 -> {0B0895E0-84C5-4347-B38E-4723121138BD} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\system32\msstp.vbe
EmptyTemp:
End
(Můžeš použít funkci „Vybrat vše“, pak klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „Vložit“.)
Ulož jej na plochu jako fixlist.txt.
Spusť FRST, stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vytvoří na ploše log (Fixlog.txt); prosím zkopíruj sem celý jeho obsah.
Pak napiš, co problémy; možná bude ještě nutno smazat moduly od _MEI59082 v OTL.
Při práci s programy HJT, ComboFix, MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupují memphisto, Žbeky a Orcus.
Pokud budete spokojeni, můžete podpořit naše fórum: Podpora fóra
Re: Vyskakující okna IE
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by koryt_000 (16-04-2017 17:48:29) Run:3
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: koryt_000 (Available Profiles: Romca & koryt_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
C:\Users\koryt_000\AppData\Local\Temp\_MEI59082
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1001 -> {0B0895E0-84C5-4347-B38E-4723121138BD} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\system32\msstp.vbe
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"C:\Users\koryt_000\AppData\Local\Temp\_MEI59082" => not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B0895E0-84C5-4347-B38E-4723121138BD} => key not found.
HKCR\CLSID\{0B0895E0-84C5-4347-B38E-4723121138BD} => key not found.
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
"C:\WINDOWS\system32\msstp.vbe" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25654145 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 182537 B
Edge => 269904653 B
Chrome => 264751358 B
Firefox => 5259799 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 7128 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 143292 B
Romca => 45707519 B
koryt_000 => 66981773 B
RecycleBin => 32465929 B
EmptyTemp: => 678.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:49:53 ====
Podle mě je již vše O.K.
Ran by koryt_000 (16-04-2017 17:48:29) Run:3
Running from C:\Users\koryt_000\Desktop
Loaded Profiles: koryt_000 (Available Profiles: Romca & koryt_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
C:\Users\koryt_000\AppData\Local\Temp\_MEI59082
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1001 -> {0B0895E0-84C5-4347-B38E-4723121138BD} URL =
SearchScopes: HKU\S-1-5-21-1560035657-911311260-1851593216-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\system32\msstp.vbe
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC9628F6-DA4C-4C8B-BA1A-0BA217BE426A} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44C64AD-B1E5-4D6B-AF6E-CAC2998874D3} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"C:\Users\koryt_000\AppData\Local\Temp\_MEI59082" => not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1560035657-911311260-1851593216-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B0895E0-84C5-4347-B38E-4723121138BD} => key not found.
HKCR\CLSID\{0B0895E0-84C5-4347-B38E-4723121138BD} => key not found.
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKU\S-1-5-21-1560035657-911311260-1851593216-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
"C:\WINDOWS\system32\msstp.vbe" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25654145 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 182537 B
Edge => 269904653 B
Chrome => 264751358 B
Firefox => 5259799 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 7128 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 143292 B
Romca => 45707519 B
koryt_000 => 66981773 B
RecycleBin => 32465929 B
EmptyTemp: => 678.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:49:53 ====
Podle mě je již vše O.K.