Notebook je lehce zbržděný a na všech prohlížečích je nainstalovaný nějaký doplněk ve formě vyhledávače a nelze odinstalovat.
Díky
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lenka at 2016-11-05 13:17:38
Microsoft Windows 8.1
System drive C: has 474 GB (68%) free of 697 GB
Total RAM: 3986 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:56, on 5. 11. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Uncheckit\uncheckitBsn.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
C:\Program Files\trend micro\Lenka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=14 ... X92EKP2ENT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=d ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=d ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nuesearch.com/?type=hp&ts=14 ... X92EKP2ENT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=14 ... X92EKP2ENT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=d ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=d ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nuesearch.com/?type=hp&ts=14 ... X92EKP2ENT
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Startup: Dropbox.lnk = Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Users\Lenka\Desktop\Verdict Free\etnxp.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Users\Lenka\Desktop\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Users\Lenka\Desktop\Verdict Free\etnxp.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: cktSvc - EVANGEL TECHNOLOGY (HK) LIMITED - C:\Program Files (x86)\Uncheckit\cktSvc.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DeskTop DispalyName (DeskTop_F) - DeskTopService - C:\ProgramData\desktopfind\desktop184.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files (x86)\amuleC\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: ggbugreport - Unknown owner - C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem14.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: IhPul - Trend Corp. - C:\Users\Lenka\AppData\Roaming\setup1\TSvr.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: InterHop - Unknown owner - C:\Program Files (x86)\InterHop\InterHop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Unknown owner - C:\Users\Public\Desktop\Origin\OriginClientService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SSFK - Unknown owner - C:\Program Files (x86)\SFK\SSFK.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: UncheckitSvc - evangel technology (hk) limited - C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UvConverter - Unknown owner - C:\ProgramData\UvConverter\UvConverter.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Protect Service(vreXjvX_protect) (vreXjvX_protect) - Unknown owner - C:\ProgramData\vreXjvX\protect\protect.exe
O23 - Service: Update Service(vreXjvX_update) (vreXjvX_update) - Unknown owner - C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WFini WdMan Service (WdMan) - WFini LIMITED - C:\ProgramData\fwinpf\WFini.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: winsaber - Unknown owner - C:\Program Files (x86)\WinSaber\WinSaber.exe
O23 - Service: Winsere - Unknown owner - C:\Program Files (x86)\Winsere\Winsere\Winsere.exe
O23 - Service: WinZiper service (winzipersvc) - ExWzp Pvt Ltd. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16013 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe"
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
"C:\Program Files\Classic Shell\ClassicShellService.exe"
C:\WINDOWS\system32\Hpservice.exe
c:\windows\system32\svchost.exe -k networkservice
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\SysWOW64\svchost.exe -k ArcherGroupEx
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Uncheckit\cktSvc.exe" {92E162D7-70FD-48F7-A779-91154F8FD518}
c:\windows\system32\svchost.exe -k utcsvc
dashost.exe {213a43f2-6f4c-46bc-8212886d756f53f0}
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
C:\Users\Lenka\AppData\Roaming\setup1\TSvr.exe
C:\WINDOWS\SysWOW64\svchost.exe -k iissvs
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\SFK\SSFK.exe" -s
c:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe"
"C:\ProgramData\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}
C:\ProgramData\fwinpf\WFini.exe -svr
"C:\Program Files (x86)\WinSaber\WinSaber.exe"
C:\WINDOWS\SysWOW64\svchost.exe -k WinSAPSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\WINDOWS\System32\alg.exe
"C:\Program Files\Classic Shell\ClassicStartMenu.exe" -startup
taskhostex.exe
"C:\Program Files (x86)\Uncheckit\uncheckitBsn.exe" -start
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-39b6316f-e3f2-4398-a4ce-72ea0522b95e -SystemEventPortName:HostProcess-6e2a5a7d-e896-44df-8454-c2fffd14f486 -IoCancelEventPortName:HostProcess-5c9f2352-7924-459d-9176-37edce157eb0 -NonStateChangingEventPortName:HostProcess-068253d4-77c5-4d7f-94df-700b093ffcd3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:842e01bc-a8ed-467c-80ec-1cd9ae7ba4cf -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 823B9C23-2A77-8201-5A78-86826B0E5D78 -Reinvoke
"C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\ProgramData\vreXjvX\protect\protect.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
explorer.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="3828.0.473374053\1914186946" "C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3828 "\\.\pipe\gecko-crash-server-pipe.3828" plugin
"C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe" --proxy-stub-channel=Flash3264.6AD43148.27779 --host-broker-channel=Flash3264.6AD43148.7266 --host-pid=3264 --host-npapi-version=28 --plugin-path="C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_23_0_0_205.dll"
"C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe" --channel=3660.005FF764.1954708285 --proxy-stub-channel=Flash3264.6AD43148.27779 --plugin-path="C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_23_0_0_205.dll" --host-npapi-version=28 --type=renderer
"C:\Users\Lenka\Downloads\RSITx64(1).exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.nicesearches.com?type=hp&ts= ... 7q7c7b1q9c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.205 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\
arthurj8283@gmail.com
C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\
nice.xml
nuesearch.xml
so-v.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28 2916152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-07-21 1425408]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2015-06-01 183216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2015-06-01 411056]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2015-06-01 453552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-08-17 29547136]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-03-01 4290240]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-02 363520]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-07-31 580512]
"HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2011-08-26 1342008]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]
C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2015-06-01 451584]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-11-05 12:06:09 ----A---- C:\temp.dat
2016-11-03 20:36:12 ----D---- C:\Program Files (x86)\8rx0tgdf
2016-11-03 18:36:21 ----D---- C:\Program Files (x86)\wtswgi3x
2016-11-03 17:41:18 ----D---- C:\Program Files (x86)\i7azd2gu
2016-11-02 20:36:09 ----D---- C:\Program Files (x86)\bqa0gfdr
2016-11-02 18:42:43 ----D---- C:\Program Files (x86)\71vr3fz9
2016-11-01 21:36:34 ----D---- C:\ProgramData\UvConverter
2016-11-01 21:35:35 ----D---- C:\Program Files (x86)\Goldleaf
2016-11-01 21:35:21 ----D---- C:\ProgramData\QQBrowser
2016-11-01 21:35:21 ----D---- C:\ProgramData\fibei
2016-11-01 20:37:52 ----D---- C:\Program Files (x86)\a92rfjl5
2016-11-01 18:36:08 ----D---- C:\Program Files (x86)\qg2s153s
2016-11-01 17:35:02 ----D---- C:\Program Files (x86)\b6wcfupd
2016-10-31 18:47:32 ----D---- C:\Program Files (x86)\InterHop
2016-10-26 20:45:02 ----D---- C:\Program Files (x86)\WinArcher
2016-10-26 20:42:58 ----D---- C:\Program Files (x86)\2t4xl9qk
2016-10-25 15:36:08 ----D---- C:\Program Files (x86)\4ocgsmog
2016-10-25 15:33:46 ----D---- C:\ProgramData\WinSAPSvc
2016-10-25 15:31:41 ----D---- C:\Program Files (x86)\vv8fphgr
2016-10-21 21:28:43 ----D---- C:\ProgramData\icfib
2016-10-21 21:28:35 ----D---- C:\ProgramData\BaofengUpdate_U
2016-10-21 21:27:13 ----D---- C:\ProgramData\chuvc
2016-10-20 18:35:52 ----D---- C:\Program Files (x86)\Jarhair
2016-10-20 18:34:55 ----D---- C:\Users\Lenka\AppData\Roaming\aMule
2016-10-20 18:34:53 ----D---- C:\Program Files (x86)\amuleC
2016-10-19 18:41:20 ----D---- C:\Program Files (x86)\us4pd7vz
2016-10-09 11:44:44 ----D---- C:\ProgramData\Tencent
2016-10-09 11:43:56 ----D---- C:\Program Files (x86)\Gunone
2016-10-09 11:41:17 ----D---- C:\Program Files (x86)\UvConverter
2016-10-09 11:40:00 ----D---- C:\Program Files (x86)\kgdy5k8z
======List of files/folders modified in the last 1 month======
2016-11-05 13:17:40 ----D---- C:\WINDOWS\system32\drivers\etc
2016-11-05 13:17:40 ----D---- C:\Program Files\trend micro
2016-11-05 13:11:51 ----D---- C:\WINDOWS\Temp
2016-11-05 13:11:43 ----D---- C:\Program Files (x86)\Google
2016-11-05 13:11:34 ----D---- C:\WINDOWS\system32\Tasks
2016-11-05 13:11:33 ----D---- C:\WINDOWS\Tasks
2016-11-05 13:11:32 ----SHD---- C:\WINDOWS\Installer
2016-11-05 13:11:32 ----SHD---- C:\Config.Msi
2016-11-05 13:11:12 ----D---- C:\Program Files (x86)\vreXjvX
2016-11-05 13:10:36 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2016-11-05 13:08:30 ----D---- C:\Program Files (x86)\WinZipper
2016-11-05 13:08:14 ----D---- C:\WINDOWS\SysWOW64
2016-11-05 13:08:07 ----D---- C:\Program Files (x86)\SFK
2016-11-05 13:05:35 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2016-11-05 13:05:19 ----D---- C:\Windows
2016-11-05 13:05:05 ----D---- C:\WINDOWS\debug
2016-11-05 13:04:10 ----D---- C:\WINDOWS\SYSWOW64\config
2016-11-05 13:04:10 ----D---- C:\WINDOWS\system32\config
2016-11-05 13:01:34 ----D---- C:\WINDOWS\system32\sru
2016-11-05 12:30:27 ----D---- C:\Users\Lenka\AppData\Roaming\Wise Disk Cleaner
2016-11-05 12:19:23 ----D---- C:\WINDOWS\system32\catroot2
2016-11-05 12:19:12 ----SHD---- C:\System Volume Information
2016-11-05 12:17:55 ----D---- C:\Users\Lenka\AppData\Roaming\Seznam.cz
2016-11-05 12:17:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-05 12:17:36 ----D---- C:\Program Files (x86)\Nvu
2016-11-05 12:15:00 ----D---- C:\WINDOWS\SoftwareDistribution
2016-11-05 12:13:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2016-11-05 12:13:22 ----D---- C:\WINDOWS\Inf
2016-11-05 12:13:00 ----D---- C:\WINDOWS\Minidump
2016-11-05 12:08:32 ----RD---- C:\WINDOWS\System32
2016-11-05 12:08:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-05 12:02:15 ----D---- C:\Program Files (x86)\SearchesToYesbnd
2016-11-05 12:02:14 ----D---- C:\ProgramData\ChelfNotify
2016-11-03 20:36:12 ----RD---- C:\Program Files (x86)
2016-11-02 21:26:24 ----D---- C:\WINDOWS\Microsoft.NET
2016-11-01 21:36:34 ----HD---- C:\ProgramData
2016-10-30 11:04:04 ----RD---- C:\Program Files (x86)\Skype
2016-10-26 20:42:08 ----D---- C:\WINDOWS\system32\Macromed
2016-10-26 20:41:48 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-10-19 21:25:35 ----A---- C:\Program Files (x86)\SSFK.exe
2016-10-19 18:42:39 ----D---- C:\WINDOWS\system32\drivers
2016-10-09 11:40:48 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;@oem14.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2012-08-10 29600]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-31 645952]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 262344]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 110112]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 52440]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 103904]
R1 iSafeNetFilter;YAC NDIS Driver; C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 52392]
R3 Accelerometer;@oem14.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2012-08-10 42400]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 BtAudioBusSrv;@oem9.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 dtlitescsibus;@oem37.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-03-31 30264]
R3 dtliteusbbus;@oem38.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-03-31 47672]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-06-01 5384176]
R3 IntcDAud;@oem19.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 MEIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2012-07-21 540160]
R3 SynTP;@oem20.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-08-28 448312]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [2012-08-08 48736]
S3 dg_ssudbus;@oem16.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [2015-08-09 43664]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\WINDOWS\system32\DRIVERS\iSafeKrnlBoot.sys [2016-05-23 55056]
S3 Netaapl;@oem27.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [2014-08-15 23040]
S3 netr28x;@oem1.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys []
S3 netwlv64;@netwlv64.inf, %NIC_Service_DispName_VISTA64%; Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\WINDOWS\system32\DRIVERS\netwlv64.sys [2013-06-18 7530496]
S3 NETwNs64;@netwns64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Ovladaè adaptéru øady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\WINDOWS\system32\DRIVERS\NETwNs64.sys [2013-06-18 8604672]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RSP2STOR;@oem23.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2012-07-03 269968]
S3 rtbth;@oem21.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2013-12-02 1204424]
S3 ssudmdm;@oem31.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 USBAAPL64;@oem26.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 Archer;Archer; C:\WINDOWS\SysWOW64\svchost.exe [2014-10-29 33088]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-02 1544192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 cktSvc;cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-07-05 274176]
R2 ClassicShellService;Classic Shell Service; C:\Program Files\Classic Shell\ClassicShellService.exe [2013-06-29 68608]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 ed2kidle;ed2k idle service; C:\Program Files (x86)\amuleC\ed2k.exe [2016-10-08 237568]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-08-10 85504]
R2 hpsrv;@oem14.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2012-08-10 29600]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-07-31 35232]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-14 2451456]
R2 IhPul;IhPul; C:\Users\Lenka\AppData\Roaming\setup1\TSvr.exe [2016-08-25 210640]
R2 IlS;Windows Internet Service; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-18 128896]
R2 InterHop;InterHop; C:\Program Files (x86)\InterHop\InterHop.exe [2016-10-31 486912]
R2 iSafeService;YAC Service; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2016-05-23 118048]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 SSFK;SSFK; C:\Program Files (x86)\SFK\SSFK.exe [2016-08-25 162016]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-07-21 321536]
R2 UncheckitSvc;UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [2016-07-05 247552]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
R2 UvConverter;UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [2016-11-01 420864]
R2 vreXjvX_protect;Protect Service(vreXjvX_protect); C:\ProgramData\vreXjvX\protect\protect.exe [2016-04-27 303000]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-07-10 138752]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2016-03-01 1444544]
S2 da05e809;OptimizerPro Monitoring; C:\WINDOWS\syswow64\rundll32.exe [2014-10-29 51200]
S2 DeskTop_F;DeskTop DispalyName; C:\ProgramData\desktopfind\desktop184.exe [2016-03-16 236728]
S2 ggbugreport;ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [2016-03-29 1609280]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S2 vreXjvX_update;Update Service(vreXjvX_update); C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe [2016-04-27 472984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26 270016]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-16 50864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-06-01 290224]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-26 147624]
S3 Origin Client Service;Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [2013-08-22 36992]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\WINDOWS\System32\drivers\BthHFHid.sys [2013-08-22 30720]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu
Krasny den Vam preju 
V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).
Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan (Skenovani), pote na Cleaning (Cisteni)
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu
Nešlo mi smazat adresáře, vždycky se to při čištění zaseklo...
# AdwCleaner v6.030 - Log soubor vytvořen 05/11/2016 na 16:55:16
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-05.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Lenka - MAZLIK
# Beží od : C:\Users\Lenka\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Local\vreXjvX
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Local\vrexjvx
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\eCyber
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Elex-tech
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\WinZiper
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\QQBrowser
[!] Složka nejde smazat:C:\ProgramData\desktopfind
[!] Složka nejde smazat:C:\ProgramData\vreXjvX
[!] Složka nejde smazat:C:\ProgramData\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\Tencent
[!] Složka nejde smazat:C:\ProgramData\ChelfNotify
[!] Složka nejde smazat:C:\ProgramData\uckt
[!] Složka nejde smazat:C:\ProgramData\vrexjvx
[!] Složka nejde smazat:C:\ProgramData\WinSAPSvc
[!] Složka nejde smazat:C:\ProgramData\UvConverter
[!] Složka nejde smazat:C:\ProgramData\chuvc
[!] Složka nejde smazat:C:\ProgramData\BaofengUpdate_U
[!] Složka nejde smazat:C:\ProgramData\Application Data\QQBrowser
[!] Složka nejde smazat:C:\ProgramData\Application Data\desktopfind
[!] Složka nejde smazat:C:\ProgramData\Application Data\vreXjvX
[!] Složka nejde smazat:C:\ProgramData\Application Data\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\Application Data\Tencent
[!] Složka nejde smazat:C:\ProgramData\Application Data\ChelfNotify
[!] Složka nejde smazat:C:\ProgramData\Application Data\uckt
[!] Složka nejde smazat:C:\ProgramData\Application Data\vrexjvx
[!] Složka nejde smazat:C:\ProgramData\Application Data\WinSAPSvc
[!] Složka nejde smazat:C:\ProgramData\Application Data\UvConverter
[!] Složka nejde smazat:C:\ProgramData\Application Data\chuvc
[!] Složka nejde smazat:C:\ProgramData\Application Data\BaofengUpdate_U
[!] Složka nejde smazat:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[!] Složka nejde smazat:C:\Users\Public\Documents\vreXjvX
[!] Složka nejde smazat:C:\Users\Public\Documents\vrexjvx
[!] Složka nejde smazat:C:\Program Files (x86)\Elex-tech
[!] Složka nejde smazat:C:\Program Files (x86)\SFK
[!] Složka nejde smazat:C:\Program Files (x86)\WinZipper
[!] Složka nejde smazat:C:\Program Files (x86)\SearchesToYesbnd
[!] Složka nejde smazat:C:\Program Files (x86)\TData
[!] Složka nejde smazat:C:\Program Files (x86)\Winsere
[!] Složka nejde smazat:C:\Program Files (x86)\WinTaske
[!] Složka nejde smazat:C:\Program Files (x86)\QQBrowser
[!] Složka nejde smazat:C:\Program Files (x86)\vreXjvX
[!] Složka nejde smazat:C:\Program Files (x86)\Uncheckit
[!] Složka nejde smazat:C:\Program Files (x86)\TXQQBrowser
[!] Složka nejde smazat:C:\Program Files (x86)\WinSaber
[!] Složka nejde smazat:C:\Program Files (x86)\winsaber
[!] Složka nejde smazat:C:\Program Files (x86)\vrexjvx
[!] Složka nejde smazat:C:\Program Files (x86)\_SSpm
[-] Adresář smazán:C:\Program Files (x86)\InterHop
[!] Složka nejde smazat:C:\Program Files (x86)\WinArcher
[!] Složka nejde smazat:C:\Program Files (x86)\UvConverter
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\_SSpm
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\_tWm
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[!] Složka nejde smazat:C:\Users\Public\Documents\dmp
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
***** [ Soubory ] *****
[-] Soubor smazán:C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán:C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán:C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\nuesearch.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\so-v.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\nice.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_emocnirovnice.ales-kalina.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_emocnirovnice.ales-kalina.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_denicek.php5.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_denicek.php5.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_nutella.akcniceny.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_nutella.akcniceny.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_sjidelnicek.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_sjidelnicek.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.slunecnice.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.slunecnice.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.ucebnice.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.ucebnice.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.zpovednice.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.zpovednice.cz_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free\Internetový překladač.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f55d1999d2b0bb22\Manažer - Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Manažer - Chrome.lnk
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1235-n-bc (1).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1235-n-bc.exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc (2).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc (4).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc.exe
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartování:HKCU\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\vreXjvXHTM
[-] Klíč smazán:HKU\.DEFAULT\Software\Elex-tech
[-] Klíč smazán:HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Conduit
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\vreXjvX
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Uncheckit
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Internet Speed Checker
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\Elex-tech
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartování:HKCU\Software\Conduit
[#] Klíč smazán po restartování:HKCU\Software\vreXjvX
[#] Klíč smazán po restartování:HKCU\Software\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán:HKLM\SOFTWARE\hdcode
[-] Klíč smazán:HKLM\SOFTWARE\TSv
[-] Klíč smazán:HKLM\SOFTWARE\yessearchesSoftware
[-] Klíč smazán:HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\vreXjvX
[-] Klíč smazán:HKLM\SOFTWARE\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán:HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán:HKLM\SOFTWARE\WinZiper
[-] Klíč smazán:HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán:HKLM\SOFTWARE\InterHop
[-] Klíč smazán:HKLM\SOFTWARE\WinArcher
[-] Klíč smazán:HKLM\SOFTWARE\amule-custom
[-] Klíč smazán:HKLM\SOFTWARE\UvConverter
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] Klíč smazán po restartování:[x64] HKCU\Software\Conduit
[#] Klíč smazán po restartování:[x64] HKCU\Software\vreXjvX
[#] Klíč smazán po restartování:[x64] HKCU\Software\Uncheckit
[-] Klíč smazán:[x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:[x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[-] Klíč smazán:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mylucky123.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nuesearch.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mylucky123.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.nuesearch.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mylucky123.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nuesearch.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mylucky123.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.nuesearch.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[-] Hodnota smazána:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [iLivid]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč smazán:HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Hodnota smazána:HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS [CRSBRWSHTML]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[#] Klíč smazán po restartování:HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Klíč smazán po restartování:HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Hodnota smazána:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
***** [ Prohlížeče ] *****
[-] Firefox nastavení vyčištěno:"browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1462263 ... 7q7c7b1q9c"
[-] Firefox nastavení vyčištěno:"browser.search.defaultenginename" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.name" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... earchTerms}"
[-] Firefox nastavení vyčištěno:"browser.search.selectedEngine" - "nice"
[-] Firefox nastavení vyčištěno:"browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1462263 ... 7q7c7b1q9c"
[-] Firefox nastavení vyčištěno:"browser.search.defaultenginename" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.name" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... earchTerms}"
[-] Firefox nastavení vyčištěno:"browser.search.selectedEngine" - "nice"
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Smazání:dts.search.ask.com
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Smazání:ask.com
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Smazání:hxxp://www.nicesearches.com?type=hp&ts=1477326 ... eoeq8e8c3t
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Smazání:aaaaabcbmongicmdegkmmfgdickgnnob
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [homepage] Smazání:hxxp://www.nicesearches.com?type=hp&ts=1477326 ... eoeq8e8c3t
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C2].txt - [25640 Bajtů] - [05/11/2016 16:55:16]
C:\AdwCleaner\AdwCleaner[C3].txt - [2274 Bajtů] - [15/11/2015 15:28:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [7869 Bajtů] - [05/02/2015 22:34:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [18410 Bajtů] - [12/05/2015 18:53:39]
C:\AdwCleaner\AdwCleaner[R2].txt - [18351 Bajtů] - [13/05/2015 10:12:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [6889 Bajtů] - [05/02/2015 22:40:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [15000 Bajtů] - [13/05/2015 10:18:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [30402 Bajtů] - [05/11/2016 16:01:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [2062 Bajtů] - [15/11/2015 15:26:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [29573 Bajtů] - [05/11/2016 16:10:21]
C:\AdwCleaner\AdwCleaner[S6].txt - [29529 Bajtů] - [05/11/2016 16:28:59]
C:\AdwCleaner\AdwCleaner[S7].txt - [29534 Bajtů] - [05/11/2016 16:42:47]
C:\AdwCleaner\AdwCleaner[S8].txt - [29600 Bajtů] - [05/11/2016 16:52:51]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [26611 Bajtů] ##########
# AdwCleaner v6.030 - Log soubor vytvořen 05/11/2016 na 16:55:16
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-05.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Lenka - MAZLIK
# Beží od : C:\Users\Lenka\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Local\vreXjvX
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Local\vrexjvx
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\eCyber
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Elex-tech
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\WinZiper
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\QQBrowser
[!] Složka nejde smazat:C:\ProgramData\desktopfind
[!] Složka nejde smazat:C:\ProgramData\vreXjvX
[!] Složka nejde smazat:C:\ProgramData\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\Tencent
[!] Složka nejde smazat:C:\ProgramData\ChelfNotify
[!] Složka nejde smazat:C:\ProgramData\uckt
[!] Složka nejde smazat:C:\ProgramData\vrexjvx
[!] Složka nejde smazat:C:\ProgramData\WinSAPSvc
[!] Složka nejde smazat:C:\ProgramData\UvConverter
[!] Složka nejde smazat:C:\ProgramData\chuvc
[!] Složka nejde smazat:C:\ProgramData\BaofengUpdate_U
[!] Složka nejde smazat:C:\ProgramData\Application Data\QQBrowser
[!] Složka nejde smazat:C:\ProgramData\Application Data\desktopfind
[!] Složka nejde smazat:C:\ProgramData\Application Data\vreXjvX
[!] Složka nejde smazat:C:\ProgramData\Application Data\Uncheckit
[!] Složka nejde smazat:C:\ProgramData\Application Data\Tencent
[!] Složka nejde smazat:C:\ProgramData\Application Data\ChelfNotify
[!] Složka nejde smazat:C:\ProgramData\Application Data\uckt
[!] Složka nejde smazat:C:\ProgramData\Application Data\vrexjvx
[!] Složka nejde smazat:C:\ProgramData\Application Data\WinSAPSvc
[!] Složka nejde smazat:C:\ProgramData\Application Data\UvConverter
[!] Složka nejde smazat:C:\ProgramData\Application Data\chuvc
[!] Složka nejde smazat:C:\ProgramData\Application Data\BaofengUpdate_U
[!] Složka nejde smazat:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[!] Složka nejde smazat:C:\Users\Public\Documents\vreXjvX
[!] Složka nejde smazat:C:\Users\Public\Documents\vrexjvx
[!] Složka nejde smazat:C:\Program Files (x86)\Elex-tech
[!] Složka nejde smazat:C:\Program Files (x86)\SFK
[!] Složka nejde smazat:C:\Program Files (x86)\WinZipper
[!] Složka nejde smazat:C:\Program Files (x86)\SearchesToYesbnd
[!] Složka nejde smazat:C:\Program Files (x86)\TData
[!] Složka nejde smazat:C:\Program Files (x86)\Winsere
[!] Složka nejde smazat:C:\Program Files (x86)\WinTaske
[!] Složka nejde smazat:C:\Program Files (x86)\QQBrowser
[!] Složka nejde smazat:C:\Program Files (x86)\vreXjvX
[!] Složka nejde smazat:C:\Program Files (x86)\Uncheckit
[!] Složka nejde smazat:C:\Program Files (x86)\TXQQBrowser
[!] Složka nejde smazat:C:\Program Files (x86)\WinSaber
[!] Složka nejde smazat:C:\Program Files (x86)\winsaber
[!] Složka nejde smazat:C:\Program Files (x86)\vrexjvx
[!] Složka nejde smazat:C:\Program Files (x86)\_SSpm
[-] Adresář smazán:C:\Program Files (x86)\InterHop
[!] Složka nejde smazat:C:\Program Files (x86)\WinArcher
[!] Složka nejde smazat:C:\Program Files (x86)\UvConverter
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\_SSpm
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\_tWm
[!] Složka nejde smazat:C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[!] Složka nejde smazat:C:\Users\Public\Documents\dmp
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
[!] Složka nejde smazat:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\extensions\arthurj8283@gmail.com
***** [ Soubory ] *****
[-] Soubor smazán:C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán:C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán:C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\nuesearch.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\so-v.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\searchplugins\nice.xml
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_emocnirovnice.ales-kalina.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_emocnirovnice.ales-kalina.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_denicek.php5.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_denicek.php5.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_nutella.akcniceny.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_nutella.akcniceny.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_sjidelnicek.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_sjidelnicek.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.slunecnice.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.slunecnice.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.ucebnice.com_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.ucebnice.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.zpovednice.cz_0.localstorage
[-] Soubor smazán:C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.zpovednice.cz_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free\Internetový překladač.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f55d1999d2b0bb22\Manažer - Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
[-] Zástupce dezinfikován:C:\Users\Lenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Manažer - Chrome.lnk
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1235-n-bc (1).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1235-n-bc.exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc (2).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc (4).exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1467-n-bc.exe
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartování:HKCU\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\vreXjvXHTM
[-] Klíč smazán:HKU\.DEFAULT\Software\Elex-tech
[-] Klíč smazán:HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Conduit
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\vreXjvX
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Uncheckit
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Internet Speed Checker
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\Elex-tech
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartování:HKCU\Software\Conduit
[#] Klíč smazán po restartování:HKCU\Software\vreXjvX
[#] Klíč smazán po restartování:HKCU\Software\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán:HKLM\SOFTWARE\hdcode
[-] Klíč smazán:HKLM\SOFTWARE\TSv
[-] Klíč smazán:HKLM\SOFTWARE\yessearchesSoftware
[-] Klíč smazán:HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\vreXjvX
[-] Klíč smazán:HKLM\SOFTWARE\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Klíč smazán:HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán:HKLM\SOFTWARE\WinZiper
[-] Klíč smazán:HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán:HKLM\SOFTWARE\InterHop
[-] Klíč smazán:HKLM\SOFTWARE\WinArcher
[-] Klíč smazán:HKLM\SOFTWARE\amule-custom
[-] Klíč smazán:HKLM\SOFTWARE\UvConverter
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
[-] Klíč smazán:HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] Klíč smazán po restartování:[x64] HKCU\Software\Conduit
[#] Klíč smazán po restartování:[x64] HKCU\Software\vreXjvX
[#] Klíč smazán po restartování:[x64] HKCU\Software\Uncheckit
[-] Klíč smazán:[x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:[x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[-] Klíč smazán:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mylucky123.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nuesearch.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mylucky123.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.nuesearch.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mylucky123.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nuesearch.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mylucky123.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.nuesearch.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[-] Hodnota smazána:HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [iLivid]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč smazán:HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Hodnota smazána:HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS [CRSBRWSHTML]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[#] Klíč smazán po restartování:HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Klíč smazán po restartování:HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Hodnota smazána:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
***** [ Prohlížeče ] *****
[-] Firefox nastavení vyčištěno:"browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1462263 ... 7q7c7b1q9c"
[-] Firefox nastavení vyčištěno:"browser.search.defaultenginename" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.name" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... earchTerms}"
[-] Firefox nastavení vyčištěno:"browser.search.selectedEngine" - "nice"
[-] Firefox nastavení vyčištěno:"browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1462263 ... 7q7c7b1q9c"
[-] Firefox nastavení vyčištěno:"browser.search.defaultenginename" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.name" - "nice"
[-] Firefox nastavení vyčištěno:"browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... earchTerms}"
[-] Firefox nastavení vyčištěno:"browser.search.selectedEngine" - "nice"
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Smazání:dts.search.ask.com
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Smazání:ask.com
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [startup_urls] Smazání:hxxp://www.nicesearches.com?type=hp&ts=1477326 ... eoeq8e8c3t
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Smazání:aaaaabcbmongicmdegkmmfgdickgnnob
[-] [C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1] [homepage] Smazání:hxxp://www.nicesearches.com?type=hp&ts=1477326 ... eoeq8e8c3t
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C2].txt - [25640 Bajtů] - [05/11/2016 16:55:16]
C:\AdwCleaner\AdwCleaner[C3].txt - [2274 Bajtů] - [15/11/2015 15:28:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [7869 Bajtů] - [05/02/2015 22:34:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [18410 Bajtů] - [12/05/2015 18:53:39]
C:\AdwCleaner\AdwCleaner[R2].txt - [18351 Bajtů] - [13/05/2015 10:12:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [6889 Bajtů] - [05/02/2015 22:40:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [15000 Bajtů] - [13/05/2015 10:18:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [30402 Bajtů] - [05/11/2016 16:01:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [2062 Bajtů] - [15/11/2015 15:26:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [29573 Bajtů] - [05/11/2016 16:10:21]
C:\AdwCleaner\AdwCleaner[S6].txt - [29529 Bajtů] - [05/11/2016 16:28:59]
C:\AdwCleaner\AdwCleaner[S7].txt - [29534 Bajtů] - [05/11/2016 16:42:47]
C:\AdwCleaner\AdwCleaner[S8].txt - [29600 Bajtů] - [05/11/2016 16:52:51]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [26611 Bajtů] ##########
Re: Prosím o kontrolu
Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868
- Upozorneni: tento sken zabere od 30 minut po nekolik hodin
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu
Bohužel se mi to už po druhé zhruba po 7 hodinách v Heuristické analýze zaseklo...
Re: Prosím o kontrolu
Dobra, tak je odstrelime jinak. Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu
Trochu se zpožděním, ale tady jsou logy:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Lenka (administrator) on MAZLIK (11-11-2016 22:55:26)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{574590F5-7C41-4C40-AA44-C20FD0D52B94}: [DhcpNameServer] 195.113.139.94 195.113.136.35
Tcpip\..\Interfaces\{D6CE68C4-28F1-4F4F-973B-0C6C72C4DCD2}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512684772&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512688153&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512706982&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
SearchScopes: HKLM -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-221707748-2089773074-1243769125-1001 -> {8DA5BC04-4813-4ADD-9C65-B34926FF17C4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-221707748-2089773074-1243769125-1001 -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Nvu\Profiles\pl24qyn5.default [2016-05-11]
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129 [2016-11-05]
FF user.js: detected! => C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js [2016-11-05]
FF Extension: (xRocket Toolbar) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com [2016-10-24] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-11]
CHR Extension: (YouTube) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 da05e809; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll",ENT <==== ATTENTION
S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-03-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-03-31] (Disc Soft Ltd)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 22:52 - 2016-11-11 22:55 - 00019246 _____ C:\Users\Lenka\Desktop\FRST.txt
2016-11-11 22:50 - 2016-11-11 22:55 - 00000000 ____D C:\FRST
2016-11-11 22:49 - 2016-11-11 22:49 - 02410496 _____ (Farbar) C:\Users\Lenka\Desktop\FRST64.exe
2016-11-06 01:00 - 2016-11-11 22:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-06 00:59 - 2016-11-06 00:59 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-06 00:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-06 00:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-06 00:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-06 00:58 - 2016-11-06 00:58 - 22851472 _____ (Malwarebytes ) C:\Users\Lenka\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-05 15:56 - 2016-11-05 15:56 - 03910208 _____ C:\Users\Lenka\Desktop\adwcleaner_6.030.exe
2016-11-05 13:23 - 2016-11-05 13:23 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-05 13:23 - 2016-11-05 13:23 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-05 13:22 - 2016-11-11 22:45 - 00000960 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-05 13:22 - 2016-11-07 21:27 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-05 13:22 - 2016-11-05 13:22 - 01065376 _____ (Google Inc.) C:\Users\Lenka\Downloads\ChromeSetup.exe
2016-11-05 13:22 - 2016-11-05 13:22 - 00003936 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-05 13:22 - 2016-11-05 13:22 - 00003700 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-05 13:17 - 2016-11-05 13:17 - 01222144 _____ C:\Users\Lenka\Downloads\RSITx64(1).exe
2016-11-05 13:12 - 2016-11-05 13:12 - 00000000 ____D C:\Users\Lenka\AppData\Local\Jarhair
2016-11-05 13:06 - 2016-11-05 13:06 - 00031744 ___SH C:\Users\Lenka\Desktop\Thumbs.db
2016-11-05 12:06 - 2016-11-05 12:06 - 00000000 _____ C:\temp.dat
2016-11-03 20:36 - 2016-11-03 20:36 - 00000000 ____D C:\Program Files (x86)\8rx0tgdf
2016-11-03 19:10 - 2016-11-03 20:11 - 551897250 _____ C:\Users\Lenka\Downloads\Ohnivý-kuře-58.díl---Televizní-láska.avi
2016-11-03 19:02 - 2016-11-03 19:04 - 01973102 _____ C:\Users\Lenka\Downloads\Ohnivý-kuře-58.-díl---Televizní-láska.avi
2016-11-03 18:36 - 2016-11-03 18:36 - 00000000 ____D C:\Program Files (x86)\wtswgi3x
2016-11-03 17:41 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files (x86)\i7azd2gu
2016-11-02 20:36 - 2016-11-02 20:36 - 00000000 ____D C:\Program Files (x86)\bqa0gfdr
2016-11-02 20:00 - 2016-11-02 20:00 - 00000000 ____D C:\Users\Lenka\AppData\Local\Goldleaf
2016-11-02 19:36 - 2016-11-02 19:36 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-11-02 18:42 - 2016-11-02 18:45 - 00000000 ____D C:\Program Files (x86)\71vr3fz9
2016-11-01 21:36 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\UvConverter
2016-11-01 21:35 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\QQBrowser
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\ProgramData\fibei
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\Program Files (x86)\Goldleaf
2016-11-01 20:37 - 2016-11-01 20:38 - 00000000 ____D C:\Program Files (x86)\a92rfjl5
2016-11-01 18:36 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\qg2s153s
2016-11-01 17:35 - 2016-11-01 17:37 - 00000000 ____D C:\Program Files (x86)\b6wcfupd
2016-10-26 20:45 - 2016-11-06 01:04 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 20:42 - 2016-10-26 20:45 - 00000000 ____D C:\Program Files (x86)\2t4xl9qk
2016-10-25 15:36 - 2016-10-25 15:36 - 00000000 ____D C:\Program Files (x86)\4ocgsmog
2016-10-25 15:33 - 2016-11-10 21:57 - 00000000 ____D C:\ProgramData\WinSAPSvc
2016-10-25 15:31 - 2016-10-25 15:34 - 00000000 ____D C:\Program Files (x86)\vv8fphgr
2016-10-21 21:28 - 2016-11-05 12:07 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
2016-10-21 21:28 - 2016-10-21 21:28 - 00000000 ____D C:\ProgramData\icfib
2016-10-21 21:27 - 2016-10-21 21:27 - 00000000 ____D C:\ProgramData\chuvc
2016-10-20 18:35 - 2016-10-20 18:36 - 00000003 _____ C:\WINDOWS\SysWOW64\xaabbbbbbb
2016-10-20 18:35 - 2016-10-20 18:36 - 00000000 ____D C:\Program Files (x86)\Jarhair
2016-10-20 18:35 - 2016-10-20 18:35 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\aMule
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-19 18:41 - 2016-10-19 18:42 - 00000000 ____D C:\Program Files (x86)\us4pd7vz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 22:51 - 2014-09-24 17:23 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-11 22:51 - 2014-09-24 16:39 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2016-11-11 22:51 - 2014-09-24 16:39 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2016-11-11 22:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-11 22:50 - 2013-09-18 10:02 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-1001
2016-11-11 22:45 - 2014-11-30 14:20 - 00000000 __RDO C:\Users\Lenka\OneDrive
2016-11-11 22:44 - 2015-04-11 19:20 - 00000646 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-11-11 22:44 - 2014-11-30 13:38 - 00000000 ____D C:\Users\Lenka
2016-11-11 22:43 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-11 22:43 - 2012-08-10 16:45 - 00000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-11-10 21:57 - 2016-07-25 14:31 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-11-07 21:42 - 2015-09-20 12:00 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-05 17:07 - 2015-02-05 22:34 - 00000000 ____D C:\AdwCleaner
2016-11-05 16:54 - 2016-04-27 11:40 - 00000000 ____D C:\WINDOWS\system32\log
2016-11-05 16:54 - 2016-04-27 11:36 - 00001336 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-05 16:54 - 2014-11-30 14:14 - 00000981 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-05 16:54 - 2013-10-06 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free
2016-11-05 15:55 - 2016-04-27 11:36 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-11-05 13:23 - 2013-09-20 15:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-05 13:19 - 2015-11-14 11:40 - 00000000 ____D C:\rsit
2016-11-05 13:17 - 2015-02-05 21:29 - 00000000 ____D C:\Program Files\trend micro
2016-11-05 13:06 - 2016-09-09 08:11 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-11-05 13:06 - 2016-09-09 08:07 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-11-05 13:04 - 2013-08-22 14:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-11-05 12:30 - 2015-01-24 15:18 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Wise Disk Cleaner
2016-11-05 12:20 - 2015-01-19 11:23 - 00000000 ____D C:\Users\Lenka\Desktop\testy syntax
2016-11-05 12:17 - 2016-07-05 17:30 - 00000000 ____D C:\Users\Lenka\Downloads\Dokonalý svět 5-8
2016-11-05 12:17 - 2016-06-20 21:01 - 00000000 ____D C:\Users\Lenka\Documents\tabor 2016
2016-11-05 12:17 - 2016-02-25 16:42 - 00000000 ____D C:\Users\Lenka\Documents\web
2016-11-05 12:17 - 2016-02-25 16:30 - 00000000 ____D C:\Program Files (x86)\Nvu
2016-11-05 12:17 - 2015-09-19 20:46 - 00000000 ____D C:\Users\Lenka\Downloads\AT-KOLEJE - Univerzita J. E. Purkyně v Ústí nad Labem_files
2016-11-05 12:17 - 2015-09-07 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-05 12:17 - 2015-08-27 17:59 - 00000000 ____D C:\Users\Lenka\Downloads\Rozezpívání
2016-11-05 12:17 - 2014-12-23 16:41 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Seznam.cz
2016-11-05 12:17 - 2014-10-18 16:29 - 00000000 ____D C:\Users\Lenka\Desktop\FOTO
2016-11-05 12:17 - 2014-04-26 16:31 - 00000000 ____D C:\Users\Lenka\Downloads\12 Years a Slave (2013)
2016-11-05 12:17 - 2013-10-07 18:12 - 00000000 ____D C:\Users\Lenka\Documents\škola
2016-11-05 12:13 - 2015-01-31 09:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-05 12:13 - 2014-07-31 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2016-11-05 12:13 - 2014-07-30 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-11-05 12:13 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-05 12:02 - 2016-07-19 13:38 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-11-05 12:02 - 2016-03-31 15:48 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-11-02 20:08 - 2013-09-20 15:21 - 00000000 ____D C:\Users\Lenka\AppData\Local\Google
2016-11-02 19:36 - 2016-06-07 12:41 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-10-30 11:04 - 2013-09-23 14:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-26 20:42 - 2015-09-20 12:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-26 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-26 20:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-21 23:06 - 2015-09-07 14:17 - 00001885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-21 23:06 - 2015-09-07 14:17 - 00001873 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-19 21:25 - 2016-07-28 09:39 - 01560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2016-10-16 12:03 - 2015-01-09 21:20 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA2700FB-6693-4BC0-949F-86E9A3F0BDA2}
==================== Files in the root of some directories =======
2016-07-28 09:39 - 2016-10-19 21:25 - 1560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2015-11-12 22:32 - 2015-11-12 22:32 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2015-05-25 17:04 - 2015-05-25 17:04 - 0000604 ____H () C:\Program Files (x86)\_Z2
2016-03-03 16:40 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2014-12-23 16:44 - 2014-12-23 16:44 - 1815520 _____ (HDQ-1.2cV23.12) C:\Users\Lenka\AppData\Roaming\DAWFORW.exe
2016-04-12 11:36 - 2016-04-12 11:36 - 0003584 _____ () C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 21:55 - 2015-02-22 16:00 - 0007601 _____ () C:\Users\Lenka\AppData\Local\Resmon.ResmonCfg
2015-11-12 22:21 - 2015-11-12 22:22 - 0000464 _____ () C:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
Some files in TEMP:
====================
C:\Users\Lenka\AppData\Local\Temp\libeay32.dll
C:\Users\Lenka\AppData\Local\Temp\msvcr120.dll
C:\Users\Lenka\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-05 17:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Lenka (11-11-2016 22:57:25)
Running from C:\Users\Lenka\Desktop
Windows 8.1 (Update) (X64) (2014-11-30 13:13:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-221707748-2089773074-1243769125-500 - Administrator - Disabled)
Guest (S-1-5-21-221707748-2089773074-1243769125-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-221707748-2089773074-1243769125-1005 - Limited - Enabled)
Lenka (S-1-5-21-221707748-2089773074-1243769125-1001 - Administrator - Enabled) => C:\Users\Lenka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivInspire Core Resources (CZE) v1 (HKLM-x32\...\{0D0C3C53-83FE-4A15-A42E-D24FF8FBDC61}) (Version: 1.6.3 - Promethean)
ActivInspire Help (CZE) v1 (HKLM-x32\...\{3B178548-D115-4DCB-9BA6-A320C190F6AC}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (CZE) v1 (HKLM-x32\...\{EA22007F-7DCA-4BA5-ACA2-143D8852DD35}) (Version: 1.7.1 - Promethean)
ActivInspire v2 (HKLM-x32\...\{434DE23F-289C-4CBE-A29E-952CCC990F37}) (Version: 2.6.66568 - Promethean)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Flexibooks 4.4 (HKLM\...\Flexibooks 4 pro Windows_is1) (Version: 4.4.2.11 - Nakladatelství Fraus s.r.o.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version: - HalfBaked)
HP 3D DriveGuard (HKLM\...\{21FC3845-4438-4DCD-AB14-1F4A6EAFF6AF}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{A3B77E0C-B157-4521-BAF1-C0E69F3D3204}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 cs)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu) (Version: 1.0 - CZilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
Sibelius 6 (HKLM-x32\...\{C6CF8699-A2AD-401D-952B-713B713EC9AC}) (Version: 6.1.0 - Sibelius Software)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Sibelius 7.1.2.46 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.2.46 - Avid)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Verdict Free) (Version: - )
Sweet Home 3D version 5.0 (HKLM\...\Sweet Home 3D_is1) (Version: 5.0 - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.3.16 - Winzipper Pvt Ltd.) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1BD85519-3044-4410-BFCD-A685FC9D1C09} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {49023766-9CB1-4F46-9207-C41BAF8FF96D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {4F71D792-E5C3-49DF-B82E-85A3E32A4CD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7147A2D7-3D71-4901-9B51-EE954EBF4E75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {714899C4-3E7E-45F0-908D-75DB27FFDDDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {82E02FCF-FC66-42AC-9F69-06A587DA6359} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {9E7B87AF-EFAD-4406-960B-E11A5D141891} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B7E56125-1FB9-42D3-A77C-54A907190176} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {BA9A8CB2-B2F5-4744-B60F-2B577E4A6456} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB3CF76A-958E-4587-8C1D-57DF96995813} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {E044B3A0-9774-4B1A-9F39-11F83A786553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {EB7CB529-0A5E-420B-8402-095A5617DC58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-07-10 17:11 - 2012-07-10 17:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-27 13:51 - 2012-07-27 13:51 - 00346112 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-07-10 17:09 - 2012-07-10 17:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-01-29 23:02 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-11-05 13:23 - 2016-10-31 08:11 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-05 13:23 - 2016-10-31 08:11 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 17:09 - 2012-07-10 17:09 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-07-10 17:14 - 2012-07-10 17:14 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-07-27 13:51 - 2012-07-27 13:51 - 00346112 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-10-04 14:23 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2016-11-05 13:17 - 00002028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenka\Pictures\Martin\Suchac romanticky pobyt\IMG_3523.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{B11FDEBA-E74B-4B34-B81E-67AC31A9AB6D}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{63A07842-4D1A-41A7-89D1-EB9283DEDCA0}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6DF7643D-8CAC-410D-ABAD-7A2C02639379}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{3B37A9E0-560B-4B40-960E-BB67CC6940D4}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{3C3D7EF9-1D23-4992-94BF-9E7CDA7FF561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{C8F8773D-609B-4ED4-B586-DE44FCDD994B}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E248DEC5-FE54-4B49-91F2-51CE468A6850}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C0EB3DCD-1F21-446D-BC0B-E4D3F906BC12}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{588CDA95-D969-4FD1-8B4F-39049C8CD72B}C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{08EBC2BF-DD6F-479B-BB99-7F9B9DA13F27}C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{39148BDC-556C-4C0C-AC77-37D17540ED8F}] => (Allow) C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E9CF0722-C515-46BC-A2C3-E93CB4E45C64}] => (Allow) C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{C9B881D2-5D18-4611-ADCE-AF6C868FD11D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{09589FF6-140F-4292-B1C7-C89F9A375896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{04428B43-C6D7-453C-8880-614B2620F403}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{4B0508E1-0F56-4E69-B0CB-6560357AF4EA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [UDP Query User{22862D24-F73D-495E-BE15-0F8CFEECFA82}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A5D7BF9B-364A-49EE-B8DA-9FCCF2141D2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E48E851B-4815-4AE0-AEF4-47086BF8A477}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5C779B28-2D96-49E8-99A6-0496F94623FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B581023C-D6B9-4B79-B019-ACB7412B9873}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2A9E8DA8-B82E-4AD0-9277-026D3D816E08}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{CECF97EE-61BE-4333-81B4-18787501F30C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B343F11-8A8E-434D-9347-632A3F90F54E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{319FE7B4-0106-4BA4-947F-1F47A04FD243}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3E7AC59-5DDD-4D30-9EE8-6F86919E8203}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB44F2B-E644-42BD-BA3A-2447A7EDCF5F}] => (Allow) LPort=1900
FirewallRules: [{E9D82070-5DBF-4CE3-B9DD-3D9D00D2CC76}] => (Allow) LPort=2869
FirewallRules: [{59D3008F-5ABE-47AA-9B08-691CC21DE133}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9FD7D38E-EE65-495B-8042-EA16EA5E925F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1196923-D170-4F54-A216-BFFA8D39D6D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB61FEAA-FCCA-48DC-B83C-8B8FC0E84465}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19B2E6BF-EA70-4C46-AA97-EF3E99730D71}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{80BAD9E8-4413-4D1C-A0E2-A3B81941635C}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{0CBFEBFC-A571-4F1B-BD97-51DE719A31A6}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{9B241373-8F5E-4139-8AD3-0DD1FE068C1C}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{572FA2FF-F179-442D-B17B-E798DF8FC12E}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{E7DF01B0-3F0D-4498-8782-0C8B116014DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{481C7265-BDA3-493A-84AE-51644B99552B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D71D817A-9617-495D-B9A1-DF3B38C7AEC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3A36234D-F22A-4D30-8853-77B9AB7DDF21}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{8E313EB6-9C7F-4A70-B7F3-995686A74043}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3E35A3B4-993F-476D-B0BD-5F701D9AF167}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{EB92CE17-1A1F-43AB-B046-990390A717E5}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{8010DCC9-726E-4F98-828F-9C4BD30D8581}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{879DD183-183F-4A48-9372-16538F437FE4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{FF52C973-198C-4F8D-9BC5-DC802735238B}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [{13D535BB-D99C-4229-8086-0FA6A8DC079A}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{13481C4B-1645-406B-8D13-0B06E91922C8}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{D36F0E29-BACA-4C40-9B9E-8B49716DBD53}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{817ABABE-E502-4C47-82C8-E54543DCB415}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
20-10-2016 21:01:03 Naplánovaný kontrolní bod
29-10-2016 18:02:34 Naplánovaný kontrolní bod
05-11-2016 12:18:18 Created by Wise Disk Cleaner
05-11-2016 17:01:47 Chrome Cleanup Tool
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 07:07:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 07:07:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (11/11/2016 10:58:36 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:58:35 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:58:35 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:16 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:14 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:14 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:12 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:05 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:44:59 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Přidělování DHCP bylo automaticky vypnuto u IP adresy 192.168.0.105, protože tato adresa nepatří do oboru 192.168.137.0/255.255.255.0, ze kterého jsou přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této IP adresy zapnout, změňte obor tak, aby tuto IP adresu zahrnoval, nebo změňte IP adresu tak, aby patřila do oboru.
Error: (11/11/2016 10:44:59 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: Službě ICS_IPV6 se nepodařilo nakonfigurovat zásobník IPv6.
CodeIntegrity:
===================================
Date: 2016-11-11 22:57:27.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 22:51:56.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 22:51:56.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 19:07:58.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 19:07:30.258
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:45:47.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:44:46.535
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:16:59.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:16:46.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:09:27.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3986.28 MB
Available physical RAM: 2212.69 MB
Total Virtual: 7698.28 MB
Available Virtual: 5829.91 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:681 GB) (Free:455.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.42 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5ED2F137)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Lenka (administrator) on MAZLIK (11-11-2016 22:55:26)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{574590F5-7C41-4C40-AA44-C20FD0D52B94}: [DhcpNameServer] 195.113.139.94 195.113.136.35
Tcpip\..\Interfaces\{D6CE68C4-28F1-4F4F-973B-0C6C72C4DCD2}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512684772&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512688153&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131228653512706982&GUID=62AD310F-2A83-40D1-B35F-B68948B466D4
SearchScopes: HKLM -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-221707748-2089773074-1243769125-1001 -> {8DA5BC04-4813-4ADD-9C65-B34926FF17C4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-221707748-2089773074-1243769125-1001 -> {F0D22104-9AA9-4301-B777-54BBC80402E7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Nvu\Profiles\pl24qyn5.default [2016-05-11]
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129 [2016-11-05]
FF user.js: detected! => C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js [2016-11-05]
FF Extension: (xRocket Toolbar) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com [2016-10-24] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-11]
CHR Extension: (YouTube) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 da05e809; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll",ENT <==== ATTENTION
S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-03-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-03-31] (Disc Soft Ltd)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 22:52 - 2016-11-11 22:55 - 00019246 _____ C:\Users\Lenka\Desktop\FRST.txt
2016-11-11 22:50 - 2016-11-11 22:55 - 00000000 ____D C:\FRST
2016-11-11 22:49 - 2016-11-11 22:49 - 02410496 _____ (Farbar) C:\Users\Lenka\Desktop\FRST64.exe
2016-11-06 01:00 - 2016-11-11 22:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-06 00:59 - 2016-11-06 00:59 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-06 00:59 - 2016-11-06 00:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-06 00:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-06 00:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-06 00:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-06 00:58 - 2016-11-06 00:58 - 22851472 _____ (Malwarebytes ) C:\Users\Lenka\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-05 15:56 - 2016-11-05 15:56 - 03910208 _____ C:\Users\Lenka\Desktop\adwcleaner_6.030.exe
2016-11-05 13:23 - 2016-11-05 13:23 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-05 13:23 - 2016-11-05 13:23 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-05 13:22 - 2016-11-11 22:45 - 00000960 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-05 13:22 - 2016-11-07 21:27 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-05 13:22 - 2016-11-05 13:22 - 01065376 _____ (Google Inc.) C:\Users\Lenka\Downloads\ChromeSetup.exe
2016-11-05 13:22 - 2016-11-05 13:22 - 00003936 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-05 13:22 - 2016-11-05 13:22 - 00003700 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-05 13:17 - 2016-11-05 13:17 - 01222144 _____ C:\Users\Lenka\Downloads\RSITx64(1).exe
2016-11-05 13:12 - 2016-11-05 13:12 - 00000000 ____D C:\Users\Lenka\AppData\Local\Jarhair
2016-11-05 13:06 - 2016-11-05 13:06 - 00031744 ___SH C:\Users\Lenka\Desktop\Thumbs.db
2016-11-05 12:06 - 2016-11-05 12:06 - 00000000 _____ C:\temp.dat
2016-11-03 20:36 - 2016-11-03 20:36 - 00000000 ____D C:\Program Files (x86)\8rx0tgdf
2016-11-03 19:10 - 2016-11-03 20:11 - 551897250 _____ C:\Users\Lenka\Downloads\Ohnivý-kuře-58.díl---Televizní-láska.avi
2016-11-03 19:02 - 2016-11-03 19:04 - 01973102 _____ C:\Users\Lenka\Downloads\Ohnivý-kuře-58.-díl---Televizní-láska.avi
2016-11-03 18:36 - 2016-11-03 18:36 - 00000000 ____D C:\Program Files (x86)\wtswgi3x
2016-11-03 17:41 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files (x86)\i7azd2gu
2016-11-02 20:36 - 2016-11-02 20:36 - 00000000 ____D C:\Program Files (x86)\bqa0gfdr
2016-11-02 20:00 - 2016-11-02 20:00 - 00000000 ____D C:\Users\Lenka\AppData\Local\Goldleaf
2016-11-02 19:36 - 2016-11-02 19:36 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-11-02 18:42 - 2016-11-02 18:45 - 00000000 ____D C:\Program Files (x86)\71vr3fz9
2016-11-01 21:36 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\UvConverter
2016-11-01 21:35 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\QQBrowser
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\ProgramData\fibei
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\Program Files (x86)\Goldleaf
2016-11-01 20:37 - 2016-11-01 20:38 - 00000000 ____D C:\Program Files (x86)\a92rfjl5
2016-11-01 18:36 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\qg2s153s
2016-11-01 17:35 - 2016-11-01 17:37 - 00000000 ____D C:\Program Files (x86)\b6wcfupd
2016-10-26 20:45 - 2016-11-06 01:04 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 20:42 - 2016-10-26 20:45 - 00000000 ____D C:\Program Files (x86)\2t4xl9qk
2016-10-25 15:36 - 2016-10-25 15:36 - 00000000 ____D C:\Program Files (x86)\4ocgsmog
2016-10-25 15:33 - 2016-11-10 21:57 - 00000000 ____D C:\ProgramData\WinSAPSvc
2016-10-25 15:31 - 2016-10-25 15:34 - 00000000 ____D C:\Program Files (x86)\vv8fphgr
2016-10-21 21:28 - 2016-11-05 12:07 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
2016-10-21 21:28 - 2016-10-21 21:28 - 00000000 ____D C:\ProgramData\icfib
2016-10-21 21:27 - 2016-10-21 21:27 - 00000000 ____D C:\ProgramData\chuvc
2016-10-20 18:35 - 2016-10-20 18:36 - 00000003 _____ C:\WINDOWS\SysWOW64\xaabbbbbbb
2016-10-20 18:35 - 2016-10-20 18:36 - 00000000 ____D C:\Program Files (x86)\Jarhair
2016-10-20 18:35 - 2016-10-20 18:35 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\aMule
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-19 18:41 - 2016-10-19 18:42 - 00000000 ____D C:\Program Files (x86)\us4pd7vz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 22:51 - 2014-09-24 17:23 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-11 22:51 - 2014-09-24 16:39 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2016-11-11 22:51 - 2014-09-24 16:39 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2016-11-11 22:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-11 22:50 - 2013-09-18 10:02 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-1001
2016-11-11 22:45 - 2014-11-30 14:20 - 00000000 __RDO C:\Users\Lenka\OneDrive
2016-11-11 22:44 - 2015-04-11 19:20 - 00000646 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-11-11 22:44 - 2014-11-30 13:38 - 00000000 ____D C:\Users\Lenka
2016-11-11 22:43 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-11 22:43 - 2012-08-10 16:45 - 00000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-11-10 21:57 - 2016-07-25 14:31 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-11-07 21:42 - 2015-09-20 12:00 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-05 17:07 - 2015-02-05 22:34 - 00000000 ____D C:\AdwCleaner
2016-11-05 16:54 - 2016-04-27 11:40 - 00000000 ____D C:\WINDOWS\system32\log
2016-11-05 16:54 - 2016-04-27 11:36 - 00001336 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-05 16:54 - 2014-11-30 14:14 - 00000981 _____ C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-05 16:54 - 2013-10-06 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free
2016-11-05 15:55 - 2016-04-27 11:36 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-11-05 13:23 - 2013-09-20 15:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-05 13:19 - 2015-11-14 11:40 - 00000000 ____D C:\rsit
2016-11-05 13:17 - 2015-02-05 21:29 - 00000000 ____D C:\Program Files\trend micro
2016-11-05 13:06 - 2016-09-09 08:11 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-11-05 13:06 - 2016-09-09 08:07 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-11-05 13:04 - 2013-08-22 14:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-11-05 12:30 - 2015-01-24 15:18 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Wise Disk Cleaner
2016-11-05 12:20 - 2015-01-19 11:23 - 00000000 ____D C:\Users\Lenka\Desktop\testy syntax
2016-11-05 12:17 - 2016-07-05 17:30 - 00000000 ____D C:\Users\Lenka\Downloads\Dokonalý svět 5-8
2016-11-05 12:17 - 2016-06-20 21:01 - 00000000 ____D C:\Users\Lenka\Documents\tabor 2016
2016-11-05 12:17 - 2016-02-25 16:42 - 00000000 ____D C:\Users\Lenka\Documents\web
2016-11-05 12:17 - 2016-02-25 16:30 - 00000000 ____D C:\Program Files (x86)\Nvu
2016-11-05 12:17 - 2015-09-19 20:46 - 00000000 ____D C:\Users\Lenka\Downloads\AT-KOLEJE - Univerzita J. E. Purkyně v Ústí nad Labem_files
2016-11-05 12:17 - 2015-09-07 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-05 12:17 - 2015-08-27 17:59 - 00000000 ____D C:\Users\Lenka\Downloads\Rozezpívání
2016-11-05 12:17 - 2014-12-23 16:41 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Seznam.cz
2016-11-05 12:17 - 2014-10-18 16:29 - 00000000 ____D C:\Users\Lenka\Desktop\FOTO
2016-11-05 12:17 - 2014-04-26 16:31 - 00000000 ____D C:\Users\Lenka\Downloads\12 Years a Slave (2013)
2016-11-05 12:17 - 2013-10-07 18:12 - 00000000 ____D C:\Users\Lenka\Documents\škola
2016-11-05 12:13 - 2015-01-31 09:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-05 12:13 - 2014-07-31 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2016-11-05 12:13 - 2014-07-30 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-11-05 12:13 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-05 12:02 - 2016-07-19 13:38 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-11-05 12:02 - 2016-03-31 15:48 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-11-02 20:08 - 2013-09-20 15:21 - 00000000 ____D C:\Users\Lenka\AppData\Local\Google
2016-11-02 19:36 - 2016-06-07 12:41 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-10-30 11:04 - 2013-09-23 14:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-26 20:42 - 2015-09-20 12:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-26 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-26 20:41 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-21 23:06 - 2015-09-07 14:17 - 00001885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-21 23:06 - 2015-09-07 14:17 - 00001873 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-19 21:25 - 2016-07-28 09:39 - 01560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2016-10-16 12:03 - 2015-01-09 21:20 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA2700FB-6693-4BC0-949F-86E9A3F0BDA2}
==================== Files in the root of some directories =======
2016-07-28 09:39 - 2016-10-19 21:25 - 1560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2015-11-12 22:32 - 2015-11-12 22:32 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2015-05-25 17:04 - 2015-05-25 17:04 - 0000604 ____H () C:\Program Files (x86)\_Z2
2016-03-03 16:40 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2014-12-23 16:44 - 2014-12-23 16:44 - 1815520 _____ (HDQ-1.2cV23.12) C:\Users\Lenka\AppData\Roaming\DAWFORW.exe
2016-04-12 11:36 - 2016-04-12 11:36 - 0003584 _____ () C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 21:55 - 2015-02-22 16:00 - 0007601 _____ () C:\Users\Lenka\AppData\Local\Resmon.ResmonCfg
2015-11-12 22:21 - 2015-11-12 22:22 - 0000464 _____ () C:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
Some files in TEMP:
====================
C:\Users\Lenka\AppData\Local\Temp\libeay32.dll
C:\Users\Lenka\AppData\Local\Temp\msvcr120.dll
C:\Users\Lenka\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-05 17:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Lenka (11-11-2016 22:57:25)
Running from C:\Users\Lenka\Desktop
Windows 8.1 (Update) (X64) (2014-11-30 13:13:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-221707748-2089773074-1243769125-500 - Administrator - Disabled)
Guest (S-1-5-21-221707748-2089773074-1243769125-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-221707748-2089773074-1243769125-1005 - Limited - Enabled)
Lenka (S-1-5-21-221707748-2089773074-1243769125-1001 - Administrator - Enabled) => C:\Users\Lenka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivInspire Core Resources (CZE) v1 (HKLM-x32\...\{0D0C3C53-83FE-4A15-A42E-D24FF8FBDC61}) (Version: 1.6.3 - Promethean)
ActivInspire Help (CZE) v1 (HKLM-x32\...\{3B178548-D115-4DCB-9BA6-A320C190F6AC}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (CZE) v1 (HKLM-x32\...\{EA22007F-7DCA-4BA5-ACA2-143D8852DD35}) (Version: 1.7.1 - Promethean)
ActivInspire v2 (HKLM-x32\...\{434DE23F-289C-4CBE-A29E-952CCC990F37}) (Version: 2.6.66568 - Promethean)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Flexibooks 4.4 (HKLM\...\Flexibooks 4 pro Windows_is1) (Version: 4.4.2.11 - Nakladatelství Fraus s.r.o.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version: - HalfBaked)
HP 3D DriveGuard (HKLM\...\{21FC3845-4438-4DCD-AB14-1F4A6EAFF6AF}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{A3B77E0C-B157-4521-BAF1-C0E69F3D3204}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 cs)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu) (Version: 1.0 - CZilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software)
Sibelius 6 (HKLM-x32\...\{C6CF8699-A2AD-401D-952B-713B713EC9AC}) (Version: 6.1.0 - Sibelius Software)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Sibelius 7.1.2.46 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.2.46 - Avid)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Verdict Free) (Version: - )
Sweet Home 3D version 5.0 (HKLM\...\Sweet Home 3D_is1) (Version: 5.0 - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.3.16 - Winzipper Pvt Ltd.) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-221707748-2089773074-1243769125-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lenka\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1BD85519-3044-4410-BFCD-A685FC9D1C09} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {49023766-9CB1-4F46-9207-C41BAF8FF96D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {4F71D792-E5C3-49DF-B82E-85A3E32A4CD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7147A2D7-3D71-4901-9B51-EE954EBF4E75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {714899C4-3E7E-45F0-908D-75DB27FFDDDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {82E02FCF-FC66-42AC-9F69-06A587DA6359} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {9E7B87AF-EFAD-4406-960B-E11A5D141891} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B7E56125-1FB9-42D3-A77C-54A907190176} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {BA9A8CB2-B2F5-4744-B60F-2B577E4A6456} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB3CF76A-958E-4587-8C1D-57DF96995813} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {E044B3A0-9774-4B1A-9F39-11F83A786553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {EB7CB529-0A5E-420B-8402-095A5617DC58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-07-10 17:11 - 2012-07-10 17:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-27 13:51 - 2012-07-27 13:51 - 00346112 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-07-10 17:09 - 2012-07-10 17:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-01-29 23:02 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-11-05 13:23 - 2016-10-31 08:11 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-05 13:23 - 2016-10-31 08:11 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 17:09 - 2012-07-10 17:09 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 17:11 - 2012-07-10 17:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-07-10 17:14 - 2012-07-10 17:14 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-07-27 13:51 - 2012-07-27 13:51 - 00346112 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-10-04 14:23 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2016-11-05 13:17 - 00002028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenka\Pictures\Martin\Suchac romanticky pobyt\IMG_3523.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{B11FDEBA-E74B-4B34-B81E-67AC31A9AB6D}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{63A07842-4D1A-41A7-89D1-EB9283DEDCA0}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6DF7643D-8CAC-410D-ABAD-7A2C02639379}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{3B37A9E0-560B-4B40-960E-BB67CC6940D4}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{3C3D7EF9-1D23-4992-94BF-9E7CDA7FF561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{C8F8773D-609B-4ED4-B586-DE44FCDD994B}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E248DEC5-FE54-4B49-91F2-51CE468A6850}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C0EB3DCD-1F21-446D-BC0B-E4D3F906BC12}C:\users\lenka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenka\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{588CDA95-D969-4FD1-8B4F-39049C8CD72B}C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{08EBC2BF-DD6F-479B-BB99-7F9B9DA13F27}C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{39148BDC-556C-4C0C-AC77-37D17540ED8F}] => (Allow) C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E9CF0722-C515-46BC-A2C3-E93CB4E45C64}] => (Allow) C:\Users\Lenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{C9B881D2-5D18-4611-ADCE-AF6C868FD11D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{09589FF6-140F-4292-B1C7-C89F9A375896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{04428B43-C6D7-453C-8880-614B2620F403}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{4B0508E1-0F56-4E69-B0CB-6560357AF4EA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [UDP Query User{22862D24-F73D-495E-BE15-0F8CFEECFA82}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A5D7BF9B-364A-49EE-B8DA-9FCCF2141D2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E48E851B-4815-4AE0-AEF4-47086BF8A477}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5C779B28-2D96-49E8-99A6-0496F94623FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B581023C-D6B9-4B79-B019-ACB7412B9873}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2A9E8DA8-B82E-4AD0-9277-026D3D816E08}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{CECF97EE-61BE-4333-81B4-18787501F30C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B343F11-8A8E-434D-9347-632A3F90F54E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{319FE7B4-0106-4BA4-947F-1F47A04FD243}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3E7AC59-5DDD-4D30-9EE8-6F86919E8203}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB44F2B-E644-42BD-BA3A-2447A7EDCF5F}] => (Allow) LPort=1900
FirewallRules: [{E9D82070-5DBF-4CE3-B9DD-3D9D00D2CC76}] => (Allow) LPort=2869
FirewallRules: [{59D3008F-5ABE-47AA-9B08-691CC21DE133}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9FD7D38E-EE65-495B-8042-EA16EA5E925F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1196923-D170-4F54-A216-BFFA8D39D6D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB61FEAA-FCCA-48DC-B83C-8B8FC0E84465}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19B2E6BF-EA70-4C46-AA97-EF3E99730D71}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{80BAD9E8-4413-4D1C-A0E2-A3B81941635C}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{0CBFEBFC-A571-4F1B-BD97-51DE719A31A6}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\RegTool.exe
FirewallRules: [{9B241373-8F5E-4139-8AD3-0DD1FE068C1C}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{572FA2FF-F179-442D-B17B-E798DF8FC12E}] => (Allow) C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe
FirewallRules: [{E7DF01B0-3F0D-4498-8782-0C8B116014DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{481C7265-BDA3-493A-84AE-51644B99552B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D71D817A-9617-495D-B9A1-DF3B38C7AEC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3A36234D-F22A-4D30-8853-77B9AB7DDF21}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{8E313EB6-9C7F-4A70-B7F3-995686A74043}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3E35A3B4-993F-476D-B0BD-5F701D9AF167}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{EB92CE17-1A1F-43AB-B046-990390A717E5}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{8010DCC9-726E-4F98-828F-9C4BD30D8581}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{879DD183-183F-4A48-9372-16538F437FE4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{FF52C973-198C-4F8D-9BC5-DC802735238B}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [{13D535BB-D99C-4229-8086-0FA6A8DC079A}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{13481C4B-1645-406B-8D13-0B06E91922C8}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{D36F0E29-BACA-4C40-9B9E-8B49716DBD53}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{817ABABE-E502-4C47-82C8-E54543DCB415}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
20-10-2016 21:01:03 Naplánovaný kontrolní bod
29-10-2016 18:02:34 Naplánovaný kontrolní bod
05-11-2016 12:18:18 Created by Wise Disk Cleaner
05-11-2016 17:01:47 Chrome Cleanup Tool
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:58:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 10:45:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 07:07:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (11/11/2016 07:07:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAZLIK)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (11/11/2016 10:58:36 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:58:35 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:58:35 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:16 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:14 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:14 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:12 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:45:05 PM) (Source: DCOM) (EventID: 10010) (User: MAZLIK)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/11/2016 10:44:59 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Přidělování DHCP bylo automaticky vypnuto u IP adresy 192.168.0.105, protože tato adresa nepatří do oboru 192.168.137.0/255.255.255.0, ze kterého jsou přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této IP adresy zapnout, změňte obor tak, aby tuto IP adresu zahrnoval, nebo změňte IP adresu tak, aby patřila do oboru.
Error: (11/11/2016 10:44:59 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: Službě ICS_IPV6 se nepodařilo nakonfigurovat zásobník IPv6.
CodeIntegrity:
===================================
Date: 2016-11-11 22:57:27.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 22:51:56.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 22:51:56.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 19:07:58.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 19:07:30.258
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:45:47.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:44:46.535
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:16:59.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:16:46.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-11 18:09:27.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3986.28 MB
Available physical RAM: 2212.69 MB
Total Virtual: 7698.28 MB
Available Virtual: 5829.91 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:681 GB) (Free:455.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.42 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5ED2F137)
Partition: GPT.
==================== End of Addition.txt ============================
Re: Prosím o kontrolu
- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi
Kód: Vybrat vše
Start CreateRestorePoint: CloseProcesses: File: C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe File: C:\Program Files (x86)\STLL Notifier HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd) HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CMD: type "C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js" FF Extension: (xRocket Toolbar) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com [2016-10-24] [not signed] S2 da05e809; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll",ENT <==== ATTENTION S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [X] c:\Program Files (x86)\Optimizer Pro 3.89 S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X] Folder: C:\Users\Lenka\AppData\Local\Jarhair 2016-11-03 20:36 - 2016-11-03 20:36 - 00000000 ____D C:\Program Files (x86)\8rx0tgdf 2016-11-03 18:36 - 2016-11-03 18:36 - 00000000 ____D C:\Program Files (x86)\wtswgi3x 2016-11-03 17:41 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files (x86)\i7azd2gu 2016-11-02 20:36 - 2016-11-02 20:36 - 00000000 ____D C:\Program Files (x86)\bqa0gfdr 2016-11-02 20:00 - 2016-11-02 20:00 - 00000000 ____D C:\Users\Lenka\AppData\Local\Goldleaf 2016-11-02 19:36 - 2016-11-02 19:36 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds 2016-11-02 18:42 - 2016-11-02 18:45 - 00000000 ____D C:\Program Files (x86)\71vr3fz9 2016-11-01 21:36 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\UvConverter 2016-11-01 21:35 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\QQBrowser 2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\ProgramData\fibei 2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\Program Files (x86)\Goldleaf 2016-11-01 20:37 - 2016-11-01 20:38 - 00000000 ____D C:\Program Files (x86)\a92rfjl5 2016-11-01 18:36 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\qg2s153s 2016-11-01 17:35 - 2016-11-01 17:37 - 00000000 ____D C:\Program Files (x86)\b6wcfupd 2016-10-26 20:45 - 2016-11-06 01:04 - 00000000 ____D C:\Program Files (x86)\WinArcher 2016-10-26 20:42 - 2016-10-26 20:45 - 00000000 ____D C:\Program Files (x86)\2t4xl9qk 2016-10-25 15:36 - 2016-10-25 15:36 - 00000000 ____D C:\Program Files (x86)\4ocgsmog Folder: C:\ProgramData\WinSAPSvc 2016-10-25 15:31 - 2016-10-25 15:34 - 00000000 ____D C:\Program Files (x86)\vv8fphgr 2016-10-21 21:28 - 2016-11-05 12:07 - 00000000 ____D C:\ProgramData\BaofengUpdate_U 2016-10-21 21:28 - 2016-10-21 21:28 - 00000000 ____D C:\ProgramData\icfib 2016-10-21 21:27 - 2016-10-21 21:27 - 00000000 ____D C:\ProgramData\chuvc 2016-10-20 18:35 - 2016-10-20 18:36 - 00000003 _____ C:\WINDOWS\SysWOW64\xaabbbbbbb 2016-10-20 18:35 - 2016-10-20 18:36 - 00000000 ____D C:\Program Files (x86)\Jarhair 2016-10-20 18:35 - 2016-10-20 18:35 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\aMule 2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\amuleC 2016-10-19 18:41 - 2016-10-19 18:42 - 00000000 ____D C:\Program Files (x86)\us4pd7vz 2016-11-10 21:57 - 2016-07-25 14:31 - 00000000 ____D C:\Program Files (x86)\WinZipper 2016-11-05 15:55 - 2016-04-27 11:36 - 00000000 ____D C:\Program Files (x86)\vreXjvX 2016-11-05 13:19 - 2015-11-14 11:40 - 00000000 ____D C:\rsit 2016-11-05 13:17 - 2015-02-05 21:29 - 00000000 ____D C:\Program Files\trend micro 2016-11-05 12:02 - 2016-03-31 15:48 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd File: C:\Program Files (x86)\SSFK.exe 2016-07-28 09:39 - 2016-10-19 21:25 - 1560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe 2015-11-12 22:32 - 2015-11-12 22:32 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier 2015-05-25 17:04 - 2015-05-25 17:04 - 0000604 ____H () C:\Program Files (x86)\_Z2 2016-03-03 16:40 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx 2014-12-23 16:44 - 2014-12-23 16:44 - 1815520 _____ (HDQ-1.2cV23.12) C:\Users\Lenka\AppData\Roaming\DAWFORW.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe FirewallRules: [{EB92CE17-1A1F-43AB-B046-990390A717E5}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe FirewallRules: [{8010DCC9-726E-4F98-828F-9C4BD30D8581}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe FirewallRules: [{879DD183-183F-4A48-9372-16538F437FE4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe FirewallRules: [{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe FirewallRules: [{FF52C973-198C-4F8D-9BC5-DC802735238B}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe FirewallRules: [TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe FirewallRules: [UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe File: C:\program files (x86)\goldleaf\application\chrome.exe FirewallRules: [{13D535BB-D99C-4229-8086-0FA6A8DC079A}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe FirewallRules: [{13481C4B-1645-406B-8D13-0B06E91922C8}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe FirewallRules: [{D36F0E29-BACA-4C40-9B9E-8B49716DBD53}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe File: C:\Program Files\KMSnano\qemu-system-i386.exe C:\Program Files\KMSnano CMD: dir "C:\Windows\System32\Tasks" CMD: dir "C:\PROGRA~1" CMD: dir "C:\PROGRA~2" CMD: dir "C:\PROGRA~3" CMD: dir "%localappdata%" CMD: dir "%appdata%" Hosts: EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
Ran by Lenka (19-11-2016 14:38:47) Run:1
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
File: C:\Program Files (x86)\STLL Notifier
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: type "C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js"
FF Extension: (xRocket Toolbar) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com [2016-10-24] [not signed]
S2 da05e809; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll",ENT <==== ATTENTION
S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [X]
c:\Program Files (x86)\Optimizer Pro 3.89
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
Folder: C:\Users\Lenka\AppData\Local\Jarhair
2016-11-03 20:36 - 2016-11-03 20:36 - 00000000 ____D C:\Program Files (x86)\8rx0tgdf
2016-11-03 18:36 - 2016-11-03 18:36 - 00000000 ____D C:\Program Files (x86)\wtswgi3x
2016-11-03 17:41 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files (x86)\i7azd2gu
2016-11-02 20:36 - 2016-11-02 20:36 - 00000000 ____D C:\Program Files (x86)\bqa0gfdr
2016-11-02 20:00 - 2016-11-02 20:00 - 00000000 ____D C:\Users\Lenka\AppData\Local\Goldleaf
2016-11-02 19:36 - 2016-11-02 19:36 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-11-02 18:42 - 2016-11-02 18:45 - 00000000 ____D C:\Program Files (x86)\71vr3fz9
2016-11-01 21:36 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\UvConverter
2016-11-01 21:35 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\QQBrowser
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\ProgramData\fibei
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\Program Files (x86)\Goldleaf
2016-11-01 20:37 - 2016-11-01 20:38 - 00000000 ____D C:\Program Files (x86)\a92rfjl5
2016-11-01 18:36 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\qg2s153s
2016-11-01 17:35 - 2016-11-01 17:37 - 00000000 ____D C:\Program Files (x86)\b6wcfupd
2016-10-26 20:45 - 2016-11-06 01:04 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 20:42 - 2016-10-26 20:45 - 00000000 ____D C:\Program Files (x86)\2t4xl9qk
2016-10-25 15:36 - 2016-10-25 15:36 - 00000000 ____D C:\Program Files (x86)\4ocgsmog
Folder: C:\ProgramData\WinSAPSvc
2016-10-25 15:31 - 2016-10-25 15:34 - 00000000 ____D C:\Program Files (x86)\vv8fphgr
2016-10-21 21:28 - 2016-11-05 12:07 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
2016-10-21 21:28 - 2016-10-21 21:28 - 00000000 ____D C:\ProgramData\icfib
2016-10-21 21:27 - 2016-10-21 21:27 - 00000000 ____D C:\ProgramData\chuvc
2016-10-20 18:35 - 2016-10-20 18:36 - 00000003 _____ C:\WINDOWS\SysWOW64\xaabbbbbbb
2016-10-20 18:35 - 2016-10-20 18:36 - 00000000 ____D C:\Program Files (x86)\Jarhair
2016-10-20 18:35 - 2016-10-20 18:35 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\aMule
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-19 18:41 - 2016-10-19 18:42 - 00000000 ____D C:\Program Files (x86)\us4pd7vz
2016-11-10 21:57 - 2016-07-25 14:31 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-11-05 15:55 - 2016-04-27 11:36 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-11-05 13:19 - 2015-11-14 11:40 - 00000000 ____D C:\rsit
2016-11-05 13:17 - 2015-02-05 21:29 - 00000000 ____D C:\Program Files\trend micro
2016-11-05 12:02 - 2016-03-31 15:48 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
File: C:\Program Files (x86)\SSFK.exe
2016-07-28 09:39 - 2016-10-19 21:25 - 1560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2015-11-12 22:32 - 2015-11-12 22:32 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2015-05-25 17:04 - 2015-05-25 17:04 - 0000604 ____H () C:\Program Files (x86)\_Z2
2016-03-03 16:40 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2014-12-23 16:44 - 2014-12-23 16:44 - 1815520 _____ (HDQ-1.2cV23.12) C:\Users\Lenka\AppData\Roaming\DAWFORW.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [{EB92CE17-1A1F-43AB-B046-990390A717E5}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{8010DCC9-726E-4F98-828F-9C4BD30D8581}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{879DD183-183F-4A48-9372-16538F437FE4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{FF52C973-198C-4F8D-9BC5-DC802735238B}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
File: C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [{13D535BB-D99C-4229-8086-0FA6A8DC079A}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{13481C4B-1645-406B-8D13-0B06E91922C8}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{D36F0E29-BACA-4C40-9B9E-8B49716DBD53}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
File: C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano
CMD: dir "C:\Windows\System32\Tasks"
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
========================= File: C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe ========================
"C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe" => not found.
====== End of File: ======
========================= File: C:\Program Files (x86)\STLL Notifier ========================
File not signed
MD5: D90CB2412749BE602A54E987E381D78D
Creation and modification date: 2015-11-12 22:32 - 2015-11-12 22:32
Size: 0000604
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
========= type "C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js" =========
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1477326036");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "toshibaxmq01abd075_92ekp2entxx92ekp2ent");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.sessionstore.resume_session_once", false);
========= End of CMD: =========
C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com => moved successfully
da05e809 => service removed successfully
Origin Client Service => service removed successfully
"c:\Program Files (x86)\Optimizer Pro 3.89" => not found.
netr28x => service removed successfully
========================= Folder: C:\Users\Lenka\AppData\Local\Jarhair ========================
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\First Run
2016-11-05 13:12 - 2016-11-05 13:12 - 0001683 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Local State
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\CertificateTransparency
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default
2016-11-05 13:12 - 2016-11-05 13:12 - 0009216 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cookies
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cookies-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0001335 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Current Session
2016-11-05 13:12 - 2016-11-05 13:12 - 0001142 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Current Tabs
2016-11-05 13:12 - 2016-11-05 13:12 - 0020480 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Favicons
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Favicons-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0180640 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Google Profile.ico
2016-11-05 13:12 - 2016-11-05 13:12 - 0110592 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History
2016-11-05 13:12 - 2016-11-05 13:12 - 0006834 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History Provider Cache
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0018432 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Login Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Login Data-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0013312 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Action Predictor
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Action Predictor-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0000040 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Persistent State
2016-11-05 13:12 - 2016-11-05 13:12 - 0005120 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Origin Bound Certs
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Origin Bound Certs-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0030149 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Preferences
2016-11-05 13:12 - 2016-11-05 13:12 - 0000180 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\README
2016-11-05 13:12 - 2016-11-05 13:12 - 0000095 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Secure Preferences
2016-11-05 13:12 - 2016-11-05 13:12 - 0012288 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Shortcuts
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Shortcuts-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0020480 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Top Sites
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Top Sites-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0131072 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Visited Links
2016-11-05 13:12 - 2016-11-05 13:12 - 0059392 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Web Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Web Data-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache
2016-11-05 13:12 - 2016-11-05 13:12 - 0045056 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 1056768 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 4202496 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0524656 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000146 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules
2016-11-05 13:12 - 2016-11-05 13:12 - 0000076 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000133 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State
2016-11-05 13:12 - 2016-11-05 13:12 - 0000570 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000133 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0
2016-11-05 13:12 - 2016-04-01 10:10 - 0193368 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_background.js
2016-11-05 13:12 - 2016-04-01 10:10 - 0223759 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_window.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0001322 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\manifest.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg
2016-11-05 13:12 - 2016-11-05 13:12 - 0000886 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca
2016-11-05 13:12 - 2016-11-05 13:12 - 0000705 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs
2016-11-05 13:12 - 2016-11-05 13:12 - 0000663 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de
2016-11-05 13:12 - 2016-11-05 13:12 - 0000701 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el
2016-11-05 13:12 - 2016-11-05 13:12 - 0000875 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es
2016-11-05 13:12 - 2016-11-05 13:12 - 0000696 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419
2016-11-05 13:12 - 2016-11-05 13:12 - 0000667 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et
2016-11-05 13:12 - 2016-11-05 13:12 - 0000609 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000673 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil
2016-11-05 13:12 - 2016-11-05 13:12 - 0000692 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000708 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000941 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000633 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu
2016-11-05 13:12 - 2016-11-05 13:12 - 0000710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it
2016-11-05 13:12 - 2016-11-05 13:12 - 0000622 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja
2016-11-05 13:12 - 2016-11-05 13:12 - 0000778 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko
2016-11-05 13:12 - 2016-11-05 13:12 - 0000669 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt
2016-11-05 13:12 - 2016-11-05 13:12 - 0000686 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv
2016-11-05 13:12 - 2016-11-05 13:12 - 0000699 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb
2016-11-05 13:12 - 2016-11-05 13:12 - 0000644 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000666 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR
2016-11-05 13:12 - 2016-11-05 13:12 - 0000667 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000661 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro
2016-11-05 13:12 - 2016-11-05 13:12 - 0000668 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru
2016-11-05 13:12 - 2016-11-05 13:12 - 0000783 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk
2016-11-05 13:12 - 2016-11-05 13:12 - 0000671 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000814 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv
2016-11-05 13:12 - 2016-11-05 13:12 - 0000649 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th
2016-11-05 13:12 - 2016-11-05 13:12 - 0001099 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000650 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk
2016-11-05 13:12 - 2016-11-05 13:12 - 0000789 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000720 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN
2016-11-05 13:12 - 2016-11-05 13:12 - 0000595 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW
2016-11-05 13:12 - 2016-11-05 13:12 - 0000640 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata
2016-11-05 13:12 - 2016-04-01 09:58 - 0011770 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata\verified_contents.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css
2016-11-05 13:12 - 2013-10-07 11:22 - 0001741 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css\craw_window.css
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html
2016-11-05 13:12 - 2013-08-07 12:33 - 0000810 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html\craw_window.html
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images
2016-11-05 13:12 - 2013-08-07 12:33 - 0070364 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\flapper.gif
2016-11-05 13:12 - 2016-11-05 13:12 - 0004361 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_128.png
2016-11-05 13:12 - 2016-11-05 13:12 - 0000556 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_16.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000252 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_close.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_hover.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000166 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_maximize.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_pressed.png
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0
2016-11-05 13:12 - 2016-10-06 13:41 - 0555867 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\angular.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0191617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\background_script.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0095713 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_game_sender.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0069744 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_route_details.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0234590 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_route_details.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0050217 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_sender.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0053853 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\common.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0003110 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0014504 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0011089 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback_script.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0002252 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\manifest.json
2016-11-05 13:12 - 2016-10-06 13:41 - 0286777 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\material_css_min.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0034493 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\mirroring_common.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0361344 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\mirroring_hangouts.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\am
2016-11-05 13:12 - 2016-11-05 13:12 - 0018487 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\am\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ar
2016-11-05 13:12 - 2016-11-05 13:12 - 0017868 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ar\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bg
2016-11-05 13:12 - 2016-11-05 13:12 - 0019287 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bg\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bn
2016-11-05 13:12 - 2016-11-05 13:12 - 0021204 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bn\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ca
2016-11-05 13:12 - 2016-11-05 13:12 - 0016483 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ca\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\cs
2016-11-05 13:12 - 2016-11-05 13:12 - 0016407 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\cs\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\da
2016-11-05 13:12 - 2016-11-05 13:12 - 0016243 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\da\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\de
2016-11-05 13:12 - 2016-11-05 13:12 - 0016485 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\de\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\el
2016-11-05 13:12 - 2016-11-05 13:12 - 0019188 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\el\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\en
2016-11-05 13:12 - 2016-11-05 13:12 - 0015732 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\en\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\es
2016-11-05 13:12 - 2016-11-05 13:12 - 0016471 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\es\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\et
2016-11-05 13:12 - 2016-11-05 13:12 - 0016014 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\et\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fa
2016-11-05 13:12 - 2016-11-05 13:12 - 0018128 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fa\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fi
2016-11-05 13:12 - 2016-11-05 13:12 - 0016211 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fil
2016-11-05 13:12 - 2016-11-05 13:12 - 0016497 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fil\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016779 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\gu
2016-11-05 13:12 - 2016-11-05 13:12 - 0020587 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\gu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hi
2016-11-05 13:12 - 2016-11-05 13:12 - 0020710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016365 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hu
2016-11-05 13:12 - 2016-11-05 13:12 - 0016598 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\id
2016-11-05 13:12 - 2016-11-05 13:12 - 0015962 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\id\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\it
2016-11-05 13:12 - 2016-11-05 13:12 - 0016138 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\it\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\iw
2016-11-05 13:12 - 2016-10-06 13:41 - 0020604 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\iw\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ja
2016-11-05 13:12 - 2016-11-05 13:12 - 0017532 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ja\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\kn
2016-11-05 13:12 - 2016-11-05 13:12 - 0021922 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\kn\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ko
2016-11-05 13:12 - 2016-11-05 13:12 - 0016444 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ko\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lt
2016-11-05 13:12 - 2016-11-05 13:12 - 0016746 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lv
2016-11-05 13:12 - 2016-11-05 13:12 - 0016831 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ml
2016-11-05 13:12 - 2016-11-05 13:12 - 0022572 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ml\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\mr
2016-11-05 13:12 - 2016-11-05 13:12 - 0021043 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\mr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ms
2016-11-05 13:12 - 2016-11-05 13:12 - 0016263 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ms\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nb
2016-11-05 13:12 - 2016-11-05 13:12 - 0016035 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nb\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016178 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016332 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_BR
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_BR\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_PT
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_PT\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ro
2016-11-05 13:12 - 2016-11-05 13:12 - 0016597 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ro\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ru
2016-11-05 13:12 - 2016-11-05 13:12 - 0018698 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ru\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sk
2016-11-05 13:12 - 2016-11-05 13:12 - 0016635 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016505 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sr
2016-11-05 13:12 - 2016-11-05 13:12 - 0018889 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sv
2016-11-05 13:12 - 2016-11-05 13:12 - 0016025 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sw
2016-11-05 13:12 - 2016-11-05 13:12 - 0016005 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sw\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ta
2016-11-05 13:12 - 2016-11-05 13:12 - 0022081 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ta\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\te
2016-11-05 13:12 - 2016-11-05 13:12 - 0021914 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\te\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\th
2016-11-05 13:12 - 2016-11-05 13:12 - 0020290 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\th\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\tr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016449 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\tr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\uk
2016-11-05 13:12 - 2016-11-05 13:12 - 0018679 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\uk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\vi
2016-11-05 13:12 - 2016-11-05 13:12 - 0017012 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\vi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh
2016-11-05 13:12 - 2016-11-05 13:12 - 0015638 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh_TW
2016-11-05 13:12 - 2016-11-05 13:12 - 0015723 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh_TW\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata
2016-11-05 13:12 - 2016-11-05 13:12 - 0026941 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata\computed_hashes.json
2016-11-05 13:12 - 2016-10-06 13:41 - 0015681 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata\verified_contents.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup
2016-11-05 13:12 - 2016-10-06 13:41 - 0006685 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0134710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0000242 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app_redirect.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\devices.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0007151 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\chromecast_logo_grey.png
2016-11-05 13:12 - 2016-10-06 13:41 - 0002088 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\index.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\offers.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\setup.html
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details
2016-11-05 13:12 - 2016-10-06 13:41 - 0005964 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details\view.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0002416 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details\view.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\Temp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0262512 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons\F309.tmp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons\F30A.tmp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Local Storage
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000174 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\EVWhitelist
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\FileTypePolicies
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\OriginTrials
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\PepperFlash
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0045056 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 4202496 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0262512 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\SwiftShader
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\SwReporter
====== End of Folder: ======
C:\Program Files (x86)\8rx0tgdf => moved successfully
C:\Program Files (x86)\wtswgi3x => moved successfully
C:\Program Files (x86)\i7azd2gu => moved successfully
C:\Program Files (x86)\bqa0gfdr => moved successfully
C:\Users\Lenka\AppData\Local\Goldleaf => moved successfully
C:\WINDOWS\SysWOW64\hoewmds => moved successfully
C:\Program Files (x86)\71vr3fz9 => moved successfully
C:\ProgramData\UvConverter => moved successfully
C:\ProgramData\QQBrowser => moved successfully
C:\ProgramData\fibei => moved successfully
C:\Program Files (x86)\Goldleaf => moved successfully
C:\Program Files (x86)\a92rfjl5 => moved successfully
C:\Program Files (x86)\qg2s153s => moved successfully
C:\Program Files (x86)\b6wcfupd => moved successfully
C:\Program Files (x86)\WinArcher => moved successfully
C:\Program Files (x86)\2t4xl9qk => moved successfully
C:\Program Files (x86)\4ocgsmog => moved successfully
========================= Folder: C:\ProgramData\WinSAPSvc ========================
====== End of Folder: ======
Ran by Lenka (19-11-2016 14:38:47) Run:1
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
File: C:\Program Files (x86)\STLL Notifier
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CMD: type "C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js"
FF Extension: (xRocket Toolbar) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com [2016-10-24] [not signed]
S2 da05e809; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll",ENT <==== ATTENTION
S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [X]
c:\Program Files (x86)\Optimizer Pro 3.89
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
Folder: C:\Users\Lenka\AppData\Local\Jarhair
2016-11-03 20:36 - 2016-11-03 20:36 - 00000000 ____D C:\Program Files (x86)\8rx0tgdf
2016-11-03 18:36 - 2016-11-03 18:36 - 00000000 ____D C:\Program Files (x86)\wtswgi3x
2016-11-03 17:41 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files (x86)\i7azd2gu
2016-11-02 20:36 - 2016-11-02 20:36 - 00000000 ____D C:\Program Files (x86)\bqa0gfdr
2016-11-02 20:00 - 2016-11-02 20:00 - 00000000 ____D C:\Users\Lenka\AppData\Local\Goldleaf
2016-11-02 19:36 - 2016-11-02 19:36 - 00000003 _____ C:\WINDOWS\SysWOW64\hoewmds
2016-11-02 18:42 - 2016-11-02 18:45 - 00000000 ____D C:\Program Files (x86)\71vr3fz9
2016-11-01 21:36 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\UvConverter
2016-11-01 21:35 - 2016-11-01 21:36 - 00000000 ____D C:\ProgramData\QQBrowser
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\ProgramData\fibei
2016-11-01 21:35 - 2016-11-01 21:35 - 00000000 ____D C:\Program Files (x86)\Goldleaf
2016-11-01 20:37 - 2016-11-01 20:38 - 00000000 ____D C:\Program Files (x86)\a92rfjl5
2016-11-01 18:36 - 2016-11-01 18:36 - 00000000 ____D C:\Program Files (x86)\qg2s153s
2016-11-01 17:35 - 2016-11-01 17:37 - 00000000 ____D C:\Program Files (x86)\b6wcfupd
2016-10-26 20:45 - 2016-11-06 01:04 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 20:42 - 2016-10-26 20:45 - 00000000 ____D C:\Program Files (x86)\2t4xl9qk
2016-10-25 15:36 - 2016-10-25 15:36 - 00000000 ____D C:\Program Files (x86)\4ocgsmog
Folder: C:\ProgramData\WinSAPSvc
2016-10-25 15:31 - 2016-10-25 15:34 - 00000000 ____D C:\Program Files (x86)\vv8fphgr
2016-10-21 21:28 - 2016-11-05 12:07 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
2016-10-21 21:28 - 2016-10-21 21:28 - 00000000 ____D C:\ProgramData\icfib
2016-10-21 21:27 - 2016-10-21 21:27 - 00000000 ____D C:\ProgramData\chuvc
2016-10-20 18:35 - 2016-10-20 18:36 - 00000003 _____ C:\WINDOWS\SysWOW64\xaabbbbbbb
2016-10-20 18:35 - 2016-10-20 18:36 - 00000000 ____D C:\Program Files (x86)\Jarhair
2016-10-20 18:35 - 2016-10-20 18:35 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Users\Lenka\AppData\Roaming\aMule
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-19 18:41 - 2016-10-19 18:42 - 00000000 ____D C:\Program Files (x86)\us4pd7vz
2016-11-10 21:57 - 2016-07-25 14:31 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-11-05 15:55 - 2016-04-27 11:36 - 00000000 ____D C:\Program Files (x86)\vreXjvX
2016-11-05 13:19 - 2015-11-14 11:40 - 00000000 ____D C:\rsit
2016-11-05 13:17 - 2015-02-05 21:29 - 00000000 ____D C:\Program Files\trend micro
2016-11-05 12:02 - 2016-03-31 15:48 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
File: C:\Program Files (x86)\SSFK.exe
2016-07-28 09:39 - 2016-10-19 21:25 - 1560800 _____ (UDa) C:\Program Files (x86)\SSFK.exe
2015-11-12 22:32 - 2015-11-12 22:32 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2015-05-25 17:04 - 2015-05-25 17:04 - 0000604 ____H () C:\Program Files (x86)\_Z2
2016-03-03 16:40 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2014-12-23 16:44 - 2014-12-23 16:44 - 1815520 _____ (HDQ-1.2cV23.12) C:\Users\Lenka\AppData\Roaming\DAWFORW.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [{EB92CE17-1A1F-43AB-B046-990390A717E5}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{8010DCC9-726E-4F98-828F-9C4BD30D8581}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{879DD183-183F-4A48-9372-16538F437FE4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{FF52C973-198C-4F8D-9BC5-DC802735238B}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe] => (Block) C:\program files (x86)\goldleaf\application\chrome.exe
File: C:\program files (x86)\goldleaf\application\chrome.exe
FirewallRules: [{13D535BB-D99C-4229-8086-0FA6A8DC079A}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [{13481C4B-1645-406B-8D13-0B06E91922C8}] => (Allow) C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{D36F0E29-BACA-4C40-9B9E-8B49716DBD53}] => (Allow) C:\ProgramData\vreXjvX\protect\protect.exe
File: C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano
CMD: dir "C:\Windows\System32\Tasks"
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
========================= File: C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe ========================
"C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe" => not found.
====== End of File: ======
========================= File: C:\Program Files (x86)\STLL Notifier ========================
File not signed
MD5: D90CB2412749BE602A54E987E381D78D
Creation and modification date: 2015-11-12 22:32 - 2015-11-12 22:32
Size: 0000604
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-221707748-2089773074-1243769125-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
========= type "C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\user.js" =========
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1477326036");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "toshibaxmq01abd075_92ekp2entxx92ekp2ent");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.sessionstore.resume_session_once", false);
========= End of CMD: =========
C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\n3aokpqg.default-1442175302129\Extensions\arthurj8283@gmail.com => moved successfully
da05e809 => service removed successfully
Origin Client Service => service removed successfully
"c:\Program Files (x86)\Optimizer Pro 3.89" => not found.
netr28x => service removed successfully
========================= Folder: C:\Users\Lenka\AppData\Local\Jarhair ========================
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\First Run
2016-11-05 13:12 - 2016-11-05 13:12 - 0001683 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Local State
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\CertificateTransparency
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default
2016-11-05 13:12 - 2016-11-05 13:12 - 0009216 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cookies
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cookies-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0001335 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Current Session
2016-11-05 13:12 - 2016-11-05 13:12 - 0001142 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Current Tabs
2016-11-05 13:12 - 2016-11-05 13:12 - 0020480 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Favicons
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Favicons-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0180640 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Google Profile.ico
2016-11-05 13:12 - 2016-11-05 13:12 - 0110592 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History
2016-11-05 13:12 - 2016-11-05 13:12 - 0006834 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History Provider Cache
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\History-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0018432 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Login Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Login Data-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0013312 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Action Predictor
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Action Predictor-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0000040 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Network Persistent State
2016-11-05 13:12 - 2016-11-05 13:12 - 0005120 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Origin Bound Certs
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Origin Bound Certs-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0030149 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Preferences
2016-11-05 13:12 - 2016-11-05 13:12 - 0000180 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\README
2016-11-05 13:12 - 2016-11-05 13:12 - 0000095 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Secure Preferences
2016-11-05 13:12 - 2016-11-05 13:12 - 0012288 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Shortcuts
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Shortcuts-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0020480 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Top Sites
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Top Sites-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0131072 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Visited Links
2016-11-05 13:12 - 2016-11-05 13:12 - 0059392 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Web Data
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Web Data-journal
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache
2016-11-05 13:12 - 2016-11-05 13:12 - 0045056 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 1056768 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 4202496 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0524656 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Cache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000146 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules
2016-11-05 13:12 - 2016-11-05 13:12 - 0000076 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000133 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension Rules\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State
2016-11-05 13:12 - 2016-11-05 13:12 - 0000570 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000133 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extension State\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0
2016-11-05 13:12 - 2016-04-01 10:10 - 0193368 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_background.js
2016-11-05 13:12 - 2016-04-01 10:10 - 0223759 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_window.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0001322 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\manifest.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg
2016-11-05 13:12 - 2016-11-05 13:12 - 0000886 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca
2016-11-05 13:12 - 2016-11-05 13:12 - 0000705 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs
2016-11-05 13:12 - 2016-11-05 13:12 - 0000663 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de
2016-11-05 13:12 - 2016-11-05 13:12 - 0000701 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el
2016-11-05 13:12 - 2016-11-05 13:12 - 0000875 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es
2016-11-05 13:12 - 2016-11-05 13:12 - 0000696 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419
2016-11-05 13:12 - 2016-11-05 13:12 - 0000667 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et
2016-11-05 13:12 - 2016-11-05 13:12 - 0000609 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000673 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil
2016-11-05 13:12 - 2016-11-05 13:12 - 0000692 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000708 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000941 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000633 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu
2016-11-05 13:12 - 2016-11-05 13:12 - 0000710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id
2016-11-05 13:12 - 2016-11-05 13:12 - 0000617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it
2016-11-05 13:12 - 2016-11-05 13:12 - 0000622 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja
2016-11-05 13:12 - 2016-11-05 13:12 - 0000778 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko
2016-11-05 13:12 - 2016-11-05 13:12 - 0000669 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt
2016-11-05 13:12 - 2016-11-05 13:12 - 0000686 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv
2016-11-05 13:12 - 2016-11-05 13:12 - 0000699 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb
2016-11-05 13:12 - 2016-11-05 13:12 - 0000644 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000666 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR
2016-11-05 13:12 - 2016-11-05 13:12 - 0000667 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000661 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro
2016-11-05 13:12 - 2016-11-05 13:12 - 0000668 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru
2016-11-05 13:12 - 2016-11-05 13:12 - 0000783 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk
2016-11-05 13:12 - 2016-11-05 13:12 - 0000671 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl
2016-11-05 13:12 - 2016-11-05 13:12 - 0000642 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000814 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv
2016-11-05 13:12 - 2016-11-05 13:12 - 0000649 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th
2016-11-05 13:12 - 2016-11-05 13:12 - 0001099 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr
2016-11-05 13:12 - 2016-11-05 13:12 - 0000650 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk
2016-11-05 13:12 - 2016-11-05 13:12 - 0000789 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi
2016-11-05 13:12 - 2016-11-05 13:12 - 0000720 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN
2016-11-05 13:12 - 2016-11-05 13:12 - 0000595 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW
2016-11-05 13:12 - 2016-11-05 13:12 - 0000640 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata
2016-11-05 13:12 - 2016-04-01 09:58 - 0011770 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata\verified_contents.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css
2016-11-05 13:12 - 2013-10-07 11:22 - 0001741 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css\craw_window.css
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html
2016-11-05 13:12 - 2013-08-07 12:33 - 0000810 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html\craw_window.html
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images
2016-11-05 13:12 - 2013-08-07 12:33 - 0070364 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\flapper.gif
2016-11-05 13:12 - 2016-11-05 13:12 - 0004361 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_128.png
2016-11-05 13:12 - 2016-11-05 13:12 - 0000556 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_16.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000252 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_close.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_hover.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000166 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_maximize.png
2016-11-05 13:12 - 2013-08-07 12:33 - 0000160 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_pressed.png
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0
2016-11-05 13:12 - 2016-10-06 13:41 - 0555867 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\angular.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0191617 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\background_script.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0095713 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_game_sender.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0069744 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_route_details.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0234590 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_route_details.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0050217 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_sender.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0053853 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\common.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0003110 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0014504 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0011089 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\feedback_script.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0002252 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\manifest.json
2016-11-05 13:12 - 2016-10-06 13:41 - 0286777 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\material_css_min.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0034493 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\mirroring_common.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0361344 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\mirroring_hangouts.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\am
2016-11-05 13:12 - 2016-11-05 13:12 - 0018487 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\am\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ar
2016-11-05 13:12 - 2016-11-05 13:12 - 0017868 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ar\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bg
2016-11-05 13:12 - 2016-11-05 13:12 - 0019287 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bg\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bn
2016-11-05 13:12 - 2016-11-05 13:12 - 0021204 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\bn\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ca
2016-11-05 13:12 - 2016-11-05 13:12 - 0016483 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ca\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\cs
2016-11-05 13:12 - 2016-11-05 13:12 - 0016407 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\cs\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\da
2016-11-05 13:12 - 2016-11-05 13:12 - 0016243 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\da\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\de
2016-11-05 13:12 - 2016-11-05 13:12 - 0016485 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\de\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\el
2016-11-05 13:12 - 2016-11-05 13:12 - 0019188 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\el\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\en
2016-11-05 13:12 - 2016-11-05 13:12 - 0015732 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\en\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\es
2016-11-05 13:12 - 2016-11-05 13:12 - 0016471 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\es\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\et
2016-11-05 13:12 - 2016-11-05 13:12 - 0016014 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\et\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fa
2016-11-05 13:12 - 2016-11-05 13:12 - 0018128 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fa\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fi
2016-11-05 13:12 - 2016-11-05 13:12 - 0016211 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fil
2016-11-05 13:12 - 2016-11-05 13:12 - 0016497 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fil\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016779 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\fr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\gu
2016-11-05 13:12 - 2016-11-05 13:12 - 0020587 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\gu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hi
2016-11-05 13:12 - 2016-11-05 13:12 - 0020710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016365 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hu
2016-11-05 13:12 - 2016-11-05 13:12 - 0016598 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\hu\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\id
2016-11-05 13:12 - 2016-11-05 13:12 - 0015962 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\id\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\it
2016-11-05 13:12 - 2016-11-05 13:12 - 0016138 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\it\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\iw
2016-11-05 13:12 - 2016-10-06 13:41 - 0020604 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\iw\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ja
2016-11-05 13:12 - 2016-11-05 13:12 - 0017532 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ja\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\kn
2016-11-05 13:12 - 2016-11-05 13:12 - 0021922 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\kn\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ko
2016-11-05 13:12 - 2016-11-05 13:12 - 0016444 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ko\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lt
2016-11-05 13:12 - 2016-11-05 13:12 - 0016746 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lv
2016-11-05 13:12 - 2016-11-05 13:12 - 0016831 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\lv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ml
2016-11-05 13:12 - 2016-11-05 13:12 - 0022572 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ml\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\mr
2016-11-05 13:12 - 2016-11-05 13:12 - 0021043 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\mr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ms
2016-11-05 13:12 - 2016-11-05 13:12 - 0016263 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ms\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nb
2016-11-05 13:12 - 2016-11-05 13:12 - 0016035 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nb\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016178 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\nl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016332 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_BR
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_BR\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_PT
2016-11-05 13:12 - 2016-11-05 13:12 - 0016328 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\pt_PT\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ro
2016-11-05 13:12 - 2016-11-05 13:12 - 0016597 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ro\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ru
2016-11-05 13:12 - 2016-11-05 13:12 - 0018698 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ru\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sk
2016-11-05 13:12 - 2016-11-05 13:12 - 0016635 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sl
2016-11-05 13:12 - 2016-11-05 13:12 - 0016505 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sl\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sr
2016-11-05 13:12 - 2016-11-05 13:12 - 0018889 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sv
2016-11-05 13:12 - 2016-11-05 13:12 - 0016025 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sv\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sw
2016-11-05 13:12 - 2016-11-05 13:12 - 0016005 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\sw\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ta
2016-11-05 13:12 - 2016-11-05 13:12 - 0022081 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\ta\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\te
2016-11-05 13:12 - 2016-11-05 13:12 - 0021914 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\te\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\th
2016-11-05 13:12 - 2016-11-05 13:12 - 0020290 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\th\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\tr
2016-11-05 13:12 - 2016-11-05 13:12 - 0016449 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\tr\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\uk
2016-11-05 13:12 - 2016-11-05 13:12 - 0018679 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\uk\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\vi
2016-11-05 13:12 - 2016-11-05 13:12 - 0017012 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\vi\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh
2016-11-05 13:12 - 2016-11-05 13:12 - 0015638 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh_TW
2016-11-05 13:12 - 2016-11-05 13:12 - 0015723 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_locales\zh_TW\messages.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata
2016-11-05 13:12 - 2016-11-05 13:12 - 0026941 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata\computed_hashes.json
2016-11-05 13:12 - 2016-10-06 13:41 - 0015681 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\_metadata\verified_contents.json
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup
2016-11-05 13:12 - 2016-10-06 13:41 - 0006685 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app.css
2016-11-05 13:12 - 2016-10-06 13:41 - 0134710 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0000242 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\cast_app_redirect.js
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\devices.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0007151 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\chromecast_logo_grey.png
2016-11-05 13:12 - 2016-10-06 13:41 - 0002088 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\index.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\offers.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0000059 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\setup.html
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details
2016-11-05 13:12 - 2016-10-06 13:41 - 0005964 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details\view.html
2016-11-05 13:12 - 2016-10-06 13:41 - 0002416 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cloud_route_details\view.js
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Extensions\Temp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0262512 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\GPUCache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons\F309.tmp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\JumpListIcons\F30A.tmp
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Local Storage
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log
2016-11-05 13:12 - 2016-11-05 13:12 - 0000016 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\CURRENT
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK
2016-11-05 13:12 - 2016-11-05 13:12 - 0000174 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
2016-11-05 13:12 - 2016-11-05 13:12 - 0000041 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\EVWhitelist
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\FileTypePolicies
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\OriginTrials
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\PepperFlash
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache
2016-11-05 13:12 - 2016-11-05 13:12 - 0045056 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_0
2016-11-05 13:12 - 2016-11-05 13:12 - 0270336 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_1
2016-11-05 13:12 - 2016-11-05 13:12 - 0008192 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_2
2016-11-05 13:12 - 2016-11-05 13:12 - 4202496 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\data_3
2016-11-05 13:12 - 2016-11-05 13:12 - 0262512 _____ () C:\Users\Lenka\AppData\Local\Jarhair\User Data\ShaderCache\GPUCache\index
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\SwiftShader
2016-11-05 13:12 - 2016-11-05 13:12 - 0000000 ____D () C:\Users\Lenka\AppData\Local\Jarhair\User Data\SwReporter
====== End of Folder: ======
C:\Program Files (x86)\8rx0tgdf => moved successfully
C:\Program Files (x86)\wtswgi3x => moved successfully
C:\Program Files (x86)\i7azd2gu => moved successfully
C:\Program Files (x86)\bqa0gfdr => moved successfully
C:\Users\Lenka\AppData\Local\Goldleaf => moved successfully
C:\WINDOWS\SysWOW64\hoewmds => moved successfully
C:\Program Files (x86)\71vr3fz9 => moved successfully
C:\ProgramData\UvConverter => moved successfully
C:\ProgramData\QQBrowser => moved successfully
C:\ProgramData\fibei => moved successfully
C:\Program Files (x86)\Goldleaf => moved successfully
C:\Program Files (x86)\a92rfjl5 => moved successfully
C:\Program Files (x86)\qg2s153s => moved successfully
C:\Program Files (x86)\b6wcfupd => moved successfully
C:\Program Files (x86)\WinArcher => moved successfully
C:\Program Files (x86)\2t4xl9qk => moved successfully
C:\Program Files (x86)\4ocgsmog => moved successfully
========================= Folder: C:\ProgramData\WinSAPSvc ========================
====== End of Folder: ======
Re: Prosím o kontrolu
C:\Program Files (x86)\vv8fphgr => moved successfully
C:\ProgramData\BaofengUpdate_U => moved successfully
C:\ProgramData\icfib => moved successfully
C:\ProgramData\chuvc => moved successfully
C:\WINDOWS\SysWOW64\xaabbbbbbb => moved successfully
C:\Program Files (x86)\Jarhair => moved successfully
C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC => moved successfully
C:\Users\Lenka\AppData\Roaming\aMule => moved successfully
C:\Program Files (x86)\amuleC => moved successfully
C:\Program Files (x86)\us4pd7vz => moved successfully
C:\Program Files (x86)\WinZipper => moved successfully
C:\Program Files (x86)\vreXjvX => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Program Files (x86)\SearchesToYesbnd => moved successfully
========================= File: C:\Program Files (x86)\SSFK.exe ========================
"C:\Program Files (x86)\SSFK.exe" => not found.
====== End of File: ======
"C:\Program Files (x86)\SSFK.exe" => not found.
C:\Program Files (x86)\STLL Notifier => moved successfully
C:\Program Files (x86)\_Z2 => moved successfully
C:\Program Files (x86)\Common Files\keyhelp.ocx => moved successfully
C:\Users\Lenka\AppData\Roaming\DAWFORW.exe => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB92CE17-1A1F-43AB-B046-990390A717E5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8010DCC9-726E-4F98-828F-9C4BD30D8581} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{879DD183-183F-4A48-9372-16538F437FE4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF52C973-198C-4F8D-9BC5-DC802735238B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe => value removed successfully
========================= File: C:\program files (x86)\goldleaf\application\chrome.exe ========================
"C:\program files (x86)\goldleaf\application\chrome.exe" => not found.
====== End of File: ======
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13D535BB-D99C-4229-8086-0FA6A8DC079A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13481C4B-1645-406B-8D13-0B06E91922C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D36F0E29-BACA-4C40-9B9E-8B49716DBD53} => value removed successfully
========================= File: C:\Program Files\KMSnano\qemu-system-i386.exe ========================
File not signed
MD5: B0C7E94DE4DAD29651316A34ECC816AA
Creation and modification date: 2016-02-27 17:49 - 2012-11-04 19:15
Size: 3338240
Attributes: ----A
Company Name: http://www.qemu.org/
Internal Name: qemu
Original Name:
Product: QEMU
Description: QEMU machine emulators and tools
File Version: Aug 24 2012, 21:03:33
Product Version: 1.1.91
Copyright: Copyright various authors. Released under the GNU General Public License.
====== End of File: ======
C:\Program Files\KMSnano => moved successfully
========= dir "C:\Windows\System32\Tasks" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Windows\System32\Tasks
05. 11. 2016 17:02 <DIR> .
05. 11. 2016 17:02 <DIR> ..
11. 11. 2016 23:41 3˙802 Adobe Flash Player Updater
30. 11. 2014 14:51 2˙772 CCleanerSkipUAC
05. 11. 2016 13:22 3˙700 GoogleUpdateTaskMachineCore
05. 11. 2016 13:22 3˙936 GoogleUpdateTaskMachineUA
22. 08. 2012 10:36 <DIR> Hewlett-Packard
27. 02. 2016 17:34 <DIR> Microsoft
04. 10. 2012 14:44 3˙148 MirageAgent
22. 08. 2012 10:43 3˙592 Optimize Start Menu Cache Files-S-1-5-21-171150703-4142356942-549106111-500
19. 11. 2016 14:39 3˙596 Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-1001
04. 10. 2012 16:14 2˙324 Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-500
04. 10. 2012 14:16 2˙320 Optimize Start Menu Cache Files-S-1-5-21-759851543-2534310708-3785628830-500
14. 11. 2015 11:17 <DIR> Remediation
06. 01. 2014 10:31 2˙982 Synaptics TouchPad Enhancements
15. 11. 2016 16:40 3˙962 User_Feed_Synchronization-{AA2700FB-6693-4BC0-949F-86E9A3F0BDA2}
30. 11. 2014 14:16 <DIR> WPD
11 File(s) 36˙134 bytes
6 Dir(s) 486˙686˙212˙096 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~1" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~1
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
25. 04. 2016 20:33 <DIR> Activ Software
25. 05. 2015 15:40 <DIR> Avid
04. 10. 2012 14:28 <DIR> Bonjour
30. 11. 2014 14:51 <DIR> CCleaner
21. 09. 2013 11:45 <DIR> Classic Shell
14. 11. 2015 11:19 <DIR> Common Files
31. 03. 2016 15:48 <DIR> DAEMON Tools Lite
25. 04. 2016 14:28 <DIR> DIFX
24. 09. 2014 20:02 <DIR> Embedded Lockdown Manager
04. 10. 2012 14:39 <DIR> Hewlett-Packard
04. 10. 2012 14:26 <DIR> IDT
04. 10. 2012 14:24 <DIR> Intel
11. 02. 2016 10:15 <DIR> Internet Explorer
06. 01. 2015 12:40 <DIR> iPod
06. 01. 2015 12:41 <DIR> iTunes
27. 02. 2016 17:34 <DIR> Microsoft Office
16. 01. 2016 17:21 <DIR> Microsoft Silverlight
11. 02. 2016 20:40 <DIR> Microsoft SQL Server
30. 11. 2014 13:10 <DIR> MSBuild
30. 11. 2014 13:10 <DIR> Reference Assemblies
04. 10. 2015 13:49 <DIR> Sweet Home 3D
30. 11. 2014 13:27 <DIR> Synaptics
15. 08. 2015 01:36 <DIR> Windows Defender
11. 02. 2016 10:15 <DIR> Windows Journal
16. 03. 2015 13:45 <DIR> Windows Mail
16. 03. 2015 13:45 <DIR> Windows Media Player
16. 03. 2015 13:45 <DIR> Windows Multimedia Platform
30. 11. 2014 14:05 <DIR> Windows NT
16. 03. 2015 13:45 <DIR> Windows Photo Viewer
16. 03. 2015 13:45 <DIR> Windows Portable Devices
16. 03. 2015 13:42 <DIR> WindowsPowerShell
02. 10. 2016 11:53 <DIR> wwchromek
0 File(s) 0 bytes
34 Dir(s) 486˙686˙208˙000 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~2" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~2
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
18. 09. 2016 13:25 <DIR> 297frauk
29. 06. 2016 09:36 <DIR> 9tmyu0s6
25. 04. 2016 21:44 <DIR> Activ Software
01. 01. 2015 18:15 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple Software Update
24. 03. 2016 16:30 <DIR> Audacity
25. 05. 2015 15:48 <DIR> Avid
26. 12. 2014 14:43 <DIR> Bonjour
19. 11. 2016 14:42 <DIR> Common Files
22. 08. 2012 10:34 <DIR> Connected Music powered by Universal Music Group
04. 10. 2012 14:51 <DIR> CyberLink
27. 04. 2016 11:40 <DIR> Elex-tech
26. 04. 2016 17:24 <DIR> Flexibooks
05. 11. 2016 13:23 <DIR> Google
21. 09. 2013 11:46 <DIR> GRETECH
09. 10. 2016 11:44 <DIR> Gunone
04. 10. 2012 15:05 <DIR> Hewlett-Packard
03. 03. 2016 16:40 <DIR> HotPotatoes6
22. 08. 2012 10:33 <DIR> HPConnectedMusic
30. 11. 2014 13:44 <DIR> Intel
11. 02. 2016 10:15 <DIR> Internet Explorer
06. 01. 2015 12:41 <DIR> iTunes
09. 10. 2016 11:43 <DIR> kgdy5k8z
21. 09. 2013 12:10 <DIR> LibreOffice 4
17. 08. 2016 08:38 <DIR> m7ttvcf3
27. 02. 2016 17:36 <DIR> Microsoft Analysis Services
27. 02. 2016 17:40 <DIR> Microsoft Office
16. 01. 2016 17:21 <DIR> Microsoft Silverlight
11. 02. 2016 20:40 <DIR> Microsoft SQL Server
22. 08. 2012 10:29 <DIR> Microsoft SQL Server Compact Edition
27. 02. 2016 17:41 <DIR> Microsoft.NET
05. 11. 2016 12:17 <DIR> Mozilla Firefox
26. 11. 2015 14:05 <DIR> Mozilla Maintenance Service
30. 11. 2014 13:11 <DIR> MSBuild
05. 11. 2016 12:17 <DIR> Nvu
16. 06. 2016 11:35 <DIR> ok2sgrg0
18. 09. 2013 09:55 <DIR> Online Services
30. 07. 2014 18:51 <DIR> Origin Games
26. 07. 2016 11:16 <DIR> p6t7djon
21. 09. 2013 11:48 <DIR> Pidgin
14. 04. 2016 07:49 <DIR> QQBrowser
04. 10. 2012 14:30 <DIR> Ralink Corporation
19. 07. 2016 13:38 <DIR> rbxbicbr
04. 10. 2012 14:26 <DIR> Realtek
30. 11. 2014 13:11 <DIR> Reference Assemblies
14. 11. 2015 11:15 <DIR> Seznam.cz
12. 11. 2015 22:21 <DIR> Sibelius Software
30. 10. 2016 11:04 <DIR> Skype
04. 10. 2012 15:01 <DIR> SymSilent
31. 05. 2016 09:48 <DIR> TXQQBrowser
12. 11. 2016 18:27 <DIR> Uncheckit
09. 10. 2016 11:41 <DIR> UvConverter
29. 09. 2013 12:53 <DIR> Webteh
15. 08. 2015 01:36 <DIR> Windows Defender
22. 08. 2012 10:30 <DIR> Windows Live
16. 03. 2015 13:42 <DIR> Windows Mail
16. 03. 2015 13:42 <DIR> Windows Media Player
16. 03. 2015 13:42 <DIR> Windows Multimedia Platform
22. 08. 2013 16:36 <DIR> Windows NT
16. 03. 2015 13:42 <DIR> Windows Photo Viewer
16. 03. 2015 13:42 <DIR> Windows Portable Devices
22. 08. 2013 16:36 <DIR> WindowsPowerShell
03. 05. 2014 19:43 <DIR> WinRAR
31. 03. 2016 15:48 <DIR> Winsere
31. 03. 2016 15:48 <DIR> WinTaske
09. 09. 2016 07:36 <DIR> wsl1pk16
25. 08. 2016 13:29 <DIR> _SSpm
0 File(s) 0 bytes
69 Dir(s) 486˙686˙208˙000 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~3" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~3
03. 05. 2016 11:55 <DIR> Activ Software
25. 04. 2016 20:26 <DIR> activboard.pnp
30. 09. 2013 11:09 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple
06. 01. 2015 12:40 <DIR> Apple Computer
25. 05. 2015 17:03 <DIR> Avid
05. 11. 2016 12:02 <DIR> ChelfNotify
26. 08. 2014 17:46 <DIR> CyberLink
31. 03. 2016 15:44 <DIR> DAEMON Tools Lite
18. 04. 2016 16:56 <DIR> desktopfind
23. 12. 2014 16:46 <DIR> DivX
06. 01. 2015 12:41 <DIR> E1864A66-75E3-486a-BD95-D1B7D99A84A7
30. 07. 2014 18:40 <DIR> Electronic Arts
26. 04. 2016 17:24 <DIR> Flexibooks 4
12. 02. 2016 08:54 <DIR> Flexibooks pro Windows
04. 10. 2012 15:05 <DIR> Hewlett-Packard
09. 08. 2015 09:29 <DIR> HitmanPro
04. 10. 2012 14:39 <DIR> install_clap
04. 10. 2012 14:24 <DIR> Intel
06. 11. 2016 00:59 <DIR> Malwarebytes
27. 02. 2016 17:44 <DIR> Microsoft Help
14. 11. 2015 11:27 <DIR> Norton
04. 10. 2012 14:59 <DIR> NortonInstaller
25. 01. 2015 20:34 <DIR> Origin
25. 05. 2015 17:04 <DIR> Pinnacle
30. 11. 2014 13:44 <DIR> PRICache
25. 04. 2016 20:33 <DIR> Promethean
13. 02. 2015 12:04 <DIR> Qualcomm Atheros
27. 02. 2016 17:41 <DIR> regid.1991-06.com.microsoft
12. 11. 2015 22:32 <DIR> Sibelius Software
21. 09. 2016 19:23 <DIR> Skype
04. 10. 2012 14:35 <DIR> Synaptics
04. 10. 2012 14:49 <DIR> Temp
09. 10. 2016 11:44 <DIR> Tencent
02. 08. 2016 09:28 <DIR> uckt
31. 05. 2016 09:49 <DIR> Uncheckit
27. 04. 2016 11:39 <DIR> vreXjvX
10. 11. 2016 21:57 <DIR> WinSAPSvc
12. 11. 2015 22:22 464 {17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
22. 08. 2012 10:35 <DIR> {BE4DD016-EE56-4AC8-9832-69281423A3D4}
1 File(s) 464 bytes
39 Dir(s) 486˙686˙203˙904 bytes free
========= End of CMD: =========
========= dir "%localappdata%" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Users\Lenka\AppData\Local
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
17. 03. 2016 08:14 <DIR> @ByELDI
20. 09. 2015 12:04 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple
06. 01. 2015 12:42 <DIR> Apple Computer
20. 09. 2013 15:21 <DIR> Apps
24. 03. 2016 16:30 <DIR> Audacity
04. 02. 2015 19:59 <DIR> bluesoleil
05. 01. 2014 18:24 <DIR> CyberLink
12. 04. 2016 11:36 3˙584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
14. 11. 2015 11:35 <DIR> Deployment
12. 10. 2016 21:33 <DIR> Diagnostics
15. 04. 2016 13:43 <DIR> Disc_Soft_Ltd
16. 07. 2016 14:08 <DIR> ElevatedDiagnostics
02. 11. 2016 20:08 <DIR> Google
09. 10. 2016 11:51 <DIR> Gunone
10. 07. 2015 11:47 <DIR> GWX
18. 09. 2013 10:44 <DIR> Hewlett-Packard
05. 11. 2016 13:12 <DIR> Jarhair
16. 12. 2015 21:53 <DIR> Macromedia
31. 08. 2016 09:00 <DIR> Microsoft
28. 02. 2016 19:38 <DIR> Microsoft Help
27. 02. 2016 17:49 <DIR> Microsoft Toolkit
13. 09. 2015 21:21 <DIR> Mozilla
30. 07. 2014 18:47 <DIR> Origin
05. 08. 2015 13:36 <DIR> Packages
14. 11. 2015 11:32 <DIR> Programs
22. 02. 2015 16:00 7˙601 Resmon.ResmonCfg
18. 01. 2016 17:24 <DIR> Skype
19. 11. 2016 14:40 <DIR> Temp
04. 04. 2016 14:18 <DIR> VirtualStore
27. 04. 2016 11:36 <DIR> vreXjvX
2 File(s) 11˙185 bytes
31 Dir(s) 486˙686˙199˙808 bytes free
========= End of CMD: =========
========= dir "%appdata%" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Users\Lenka\AppData\Roaming
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
25. 04. 2016 14:28 <DIR> ACTIV Software
05. 11. 2015 20:18 <DIR> Adobe
06. 01. 2015 13:02 <DIR> Apple Computer
24. 03. 2016 19:18 <DIR> Audacity
25. 05. 2015 17:06 <DIR> Avid
19. 03. 2016 15:54 <DIR> BSplayer
29. 09. 2013 12:53 <DIR> BSplayer Pro
26. 08. 2014 17:46 <DIR> CyberLink
31. 03. 2016 16:16 <DIR> DAEMON Tools Lite
30. 11. 2014 14:20 <DIR> Dropbox
21. 04. 2016 10:44 <DIR> eCyber
27. 04. 2016 11:40 <DIR> Elex-tech
26. 04. 2016 17:20 <DIR> Flexibooks 4
12. 02. 2016 08:54 <DIR> Flexibooks pro Windows
21. 09. 2013 11:46 <DIR> GRETECH
19. 09. 2013 18:36 <DIR> Hewlett-Packard
18. 09. 2013 10:44 <DIR> hpqlog
30. 11. 2014 14:14 <DIR> Identities
05. 02. 2015 22:19 <DIR> InstallShield
22. 09. 2013 11:26 <DIR> LibreOffice
18. 09. 2013 10:24 <DIR> Macromedia
07. 09. 2015 14:18 <DIR> Mozilla
25. 02. 2016 16:30 <DIR> Nvu
13. 08. 2014 09:26 <DIR> Origin
15. 04. 2016 13:44 <DIR> Promethean
25. 08. 2016 13:30 <DIR> setup1
05. 11. 2016 12:17 <DIR> Seznam.cz
12. 11. 2015 22:32 <DIR> Sibelius Software
19. 11. 2016 14:31 <DIR> Skype
09. 08. 2015 09:35 <DIR> SpeedFox
18. 09. 2013 09:52 <DIR> Synaptics
31. 05. 2016 09:49 <DIR> Uncheckit
04. 10. 2015 15:25 <DIR> uTorrent
26. 08. 2014 17:47 <DIR> WebApp
03. 05. 2014 19:43 <DIR> WinRAR
05. 07. 2016 15:44 <DIR> WinZiper
05. 11. 2016 12:30 <DIR> Wise Disk Cleaner
24. 01. 2015 15:01 <DIR> Wise Registry Cleaner
0 File(s) 0 bytes
40 Dir(s) 486˙686˙199˙808 bytes free
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11890475 B
Java, Flash, Steam htmlcache => 1302 B
Windows/system/drivers => 45903335 B
Edge => 0 B
Chrome => 683315374 B
Firefox => 109851928 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 316376 B
systemprofile32 => 302261856 B
LocalService => 1558 B
NetworkService => 23208252 B
Lenka => 26595786 B
RecycleBin => 372959582 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:44:51 ====
C:\ProgramData\BaofengUpdate_U => moved successfully
C:\ProgramData\icfib => moved successfully
C:\ProgramData\chuvc => moved successfully
C:\WINDOWS\SysWOW64\xaabbbbbbb => moved successfully
C:\Program Files (x86)\Jarhair => moved successfully
C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC => moved successfully
C:\Users\Lenka\AppData\Roaming\aMule => moved successfully
C:\Program Files (x86)\amuleC => moved successfully
C:\Program Files (x86)\us4pd7vz => moved successfully
C:\Program Files (x86)\WinZipper => moved successfully
C:\Program Files (x86)\vreXjvX => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Program Files (x86)\SearchesToYesbnd => moved successfully
========================= File: C:\Program Files (x86)\SSFK.exe ========================
"C:\Program Files (x86)\SSFK.exe" => not found.
====== End of File: ======
"C:\Program Files (x86)\SSFK.exe" => not found.
C:\Program Files (x86)\STLL Notifier => moved successfully
C:\Program Files (x86)\_Z2 => moved successfully
C:\Program Files (x86)\Common Files\keyhelp.ocx => moved successfully
C:\Users\Lenka\AppData\Roaming\DAWFORW.exe => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB92CE17-1A1F-43AB-B046-990390A717E5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8010DCC9-726E-4F98-828F-9C4BD30D8581} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{879DD183-183F-4A48-9372-16538F437FE4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9612D2C9-2016-4C2A-8B85-43FD6ECD6E94} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF52C973-198C-4F8D-9BC5-DC802735238B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58ED90D4-8A40-47A4-A582-40FFE3B7236A}C:\program files (x86)\goldleaf\application\chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F09DBEFB-DF4B-4CE4-8858-E7BB885F1268}C:\program files (x86)\goldleaf\application\chrome.exe => value removed successfully
========================= File: C:\program files (x86)\goldleaf\application\chrome.exe ========================
"C:\program files (x86)\goldleaf\application\chrome.exe" => not found.
====== End of File: ======
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13D535BB-D99C-4229-8086-0FA6A8DC079A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13481C4B-1645-406B-8D13-0B06E91922C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D36F0E29-BACA-4C40-9B9E-8B49716DBD53} => value removed successfully
========================= File: C:\Program Files\KMSnano\qemu-system-i386.exe ========================
File not signed
MD5: B0C7E94DE4DAD29651316A34ECC816AA
Creation and modification date: 2016-02-27 17:49 - 2012-11-04 19:15
Size: 3338240
Attributes: ----A
Company Name: http://www.qemu.org/
Internal Name: qemu
Original Name:
Product: QEMU
Description: QEMU machine emulators and tools
File Version: Aug 24 2012, 21:03:33
Product Version: 1.1.91
Copyright: Copyright various authors. Released under the GNU General Public License.
====== End of File: ======
C:\Program Files\KMSnano => moved successfully
========= dir "C:\Windows\System32\Tasks" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Windows\System32\Tasks
05. 11. 2016 17:02 <DIR> .
05. 11. 2016 17:02 <DIR> ..
11. 11. 2016 23:41 3˙802 Adobe Flash Player Updater
30. 11. 2014 14:51 2˙772 CCleanerSkipUAC
05. 11. 2016 13:22 3˙700 GoogleUpdateTaskMachineCore
05. 11. 2016 13:22 3˙936 GoogleUpdateTaskMachineUA
22. 08. 2012 10:36 <DIR> Hewlett-Packard
27. 02. 2016 17:34 <DIR> Microsoft
04. 10. 2012 14:44 3˙148 MirageAgent
22. 08. 2012 10:43 3˙592 Optimize Start Menu Cache Files-S-1-5-21-171150703-4142356942-549106111-500
19. 11. 2016 14:39 3˙596 Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-1001
04. 10. 2012 16:14 2˙324 Optimize Start Menu Cache Files-S-1-5-21-221707748-2089773074-1243769125-500
04. 10. 2012 14:16 2˙320 Optimize Start Menu Cache Files-S-1-5-21-759851543-2534310708-3785628830-500
14. 11. 2015 11:17 <DIR> Remediation
06. 01. 2014 10:31 2˙982 Synaptics TouchPad Enhancements
15. 11. 2016 16:40 3˙962 User_Feed_Synchronization-{AA2700FB-6693-4BC0-949F-86E9A3F0BDA2}
30. 11. 2014 14:16 <DIR> WPD
11 File(s) 36˙134 bytes
6 Dir(s) 486˙686˙212˙096 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~1" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~1
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
25. 04. 2016 20:33 <DIR> Activ Software
25. 05. 2015 15:40 <DIR> Avid
04. 10. 2012 14:28 <DIR> Bonjour
30. 11. 2014 14:51 <DIR> CCleaner
21. 09. 2013 11:45 <DIR> Classic Shell
14. 11. 2015 11:19 <DIR> Common Files
31. 03. 2016 15:48 <DIR> DAEMON Tools Lite
25. 04. 2016 14:28 <DIR> DIFX
24. 09. 2014 20:02 <DIR> Embedded Lockdown Manager
04. 10. 2012 14:39 <DIR> Hewlett-Packard
04. 10. 2012 14:26 <DIR> IDT
04. 10. 2012 14:24 <DIR> Intel
11. 02. 2016 10:15 <DIR> Internet Explorer
06. 01. 2015 12:40 <DIR> iPod
06. 01. 2015 12:41 <DIR> iTunes
27. 02. 2016 17:34 <DIR> Microsoft Office
16. 01. 2016 17:21 <DIR> Microsoft Silverlight
11. 02. 2016 20:40 <DIR> Microsoft SQL Server
30. 11. 2014 13:10 <DIR> MSBuild
30. 11. 2014 13:10 <DIR> Reference Assemblies
04. 10. 2015 13:49 <DIR> Sweet Home 3D
30. 11. 2014 13:27 <DIR> Synaptics
15. 08. 2015 01:36 <DIR> Windows Defender
11. 02. 2016 10:15 <DIR> Windows Journal
16. 03. 2015 13:45 <DIR> Windows Mail
16. 03. 2015 13:45 <DIR> Windows Media Player
16. 03. 2015 13:45 <DIR> Windows Multimedia Platform
30. 11. 2014 14:05 <DIR> Windows NT
16. 03. 2015 13:45 <DIR> Windows Photo Viewer
16. 03. 2015 13:45 <DIR> Windows Portable Devices
16. 03. 2015 13:42 <DIR> WindowsPowerShell
02. 10. 2016 11:53 <DIR> wwchromek
0 File(s) 0 bytes
34 Dir(s) 486˙686˙208˙000 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~2" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~2
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
18. 09. 2016 13:25 <DIR> 297frauk
29. 06. 2016 09:36 <DIR> 9tmyu0s6
25. 04. 2016 21:44 <DIR> Activ Software
01. 01. 2015 18:15 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple Software Update
24. 03. 2016 16:30 <DIR> Audacity
25. 05. 2015 15:48 <DIR> Avid
26. 12. 2014 14:43 <DIR> Bonjour
19. 11. 2016 14:42 <DIR> Common Files
22. 08. 2012 10:34 <DIR> Connected Music powered by Universal Music Group
04. 10. 2012 14:51 <DIR> CyberLink
27. 04. 2016 11:40 <DIR> Elex-tech
26. 04. 2016 17:24 <DIR> Flexibooks
05. 11. 2016 13:23 <DIR> Google
21. 09. 2013 11:46 <DIR> GRETECH
09. 10. 2016 11:44 <DIR> Gunone
04. 10. 2012 15:05 <DIR> Hewlett-Packard
03. 03. 2016 16:40 <DIR> HotPotatoes6
22. 08. 2012 10:33 <DIR> HPConnectedMusic
30. 11. 2014 13:44 <DIR> Intel
11. 02. 2016 10:15 <DIR> Internet Explorer
06. 01. 2015 12:41 <DIR> iTunes
09. 10. 2016 11:43 <DIR> kgdy5k8z
21. 09. 2013 12:10 <DIR> LibreOffice 4
17. 08. 2016 08:38 <DIR> m7ttvcf3
27. 02. 2016 17:36 <DIR> Microsoft Analysis Services
27. 02. 2016 17:40 <DIR> Microsoft Office
16. 01. 2016 17:21 <DIR> Microsoft Silverlight
11. 02. 2016 20:40 <DIR> Microsoft SQL Server
22. 08. 2012 10:29 <DIR> Microsoft SQL Server Compact Edition
27. 02. 2016 17:41 <DIR> Microsoft.NET
05. 11. 2016 12:17 <DIR> Mozilla Firefox
26. 11. 2015 14:05 <DIR> Mozilla Maintenance Service
30. 11. 2014 13:11 <DIR> MSBuild
05. 11. 2016 12:17 <DIR> Nvu
16. 06. 2016 11:35 <DIR> ok2sgrg0
18. 09. 2013 09:55 <DIR> Online Services
30. 07. 2014 18:51 <DIR> Origin Games
26. 07. 2016 11:16 <DIR> p6t7djon
21. 09. 2013 11:48 <DIR> Pidgin
14. 04. 2016 07:49 <DIR> QQBrowser
04. 10. 2012 14:30 <DIR> Ralink Corporation
19. 07. 2016 13:38 <DIR> rbxbicbr
04. 10. 2012 14:26 <DIR> Realtek
30. 11. 2014 13:11 <DIR> Reference Assemblies
14. 11. 2015 11:15 <DIR> Seznam.cz
12. 11. 2015 22:21 <DIR> Sibelius Software
30. 10. 2016 11:04 <DIR> Skype
04. 10. 2012 15:01 <DIR> SymSilent
31. 05. 2016 09:48 <DIR> TXQQBrowser
12. 11. 2016 18:27 <DIR> Uncheckit
09. 10. 2016 11:41 <DIR> UvConverter
29. 09. 2013 12:53 <DIR> Webteh
15. 08. 2015 01:36 <DIR> Windows Defender
22. 08. 2012 10:30 <DIR> Windows Live
16. 03. 2015 13:42 <DIR> Windows Mail
16. 03. 2015 13:42 <DIR> Windows Media Player
16. 03. 2015 13:42 <DIR> Windows Multimedia Platform
22. 08. 2013 16:36 <DIR> Windows NT
16. 03. 2015 13:42 <DIR> Windows Photo Viewer
16. 03. 2015 13:42 <DIR> Windows Portable Devices
22. 08. 2013 16:36 <DIR> WindowsPowerShell
03. 05. 2014 19:43 <DIR> WinRAR
31. 03. 2016 15:48 <DIR> Winsere
31. 03. 2016 15:48 <DIR> WinTaske
09. 09. 2016 07:36 <DIR> wsl1pk16
25. 08. 2016 13:29 <DIR> _SSpm
0 File(s) 0 bytes
69 Dir(s) 486˙686˙208˙000 bytes free
========= End of CMD: =========
========= dir "C:\PROGRA~3" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\PROGRA~3
03. 05. 2016 11:55 <DIR> Activ Software
25. 04. 2016 20:26 <DIR> activboard.pnp
30. 09. 2013 11:09 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple
06. 01. 2015 12:40 <DIR> Apple Computer
25. 05. 2015 17:03 <DIR> Avid
05. 11. 2016 12:02 <DIR> ChelfNotify
26. 08. 2014 17:46 <DIR> CyberLink
31. 03. 2016 15:44 <DIR> DAEMON Tools Lite
18. 04. 2016 16:56 <DIR> desktopfind
23. 12. 2014 16:46 <DIR> DivX
06. 01. 2015 12:41 <DIR> E1864A66-75E3-486a-BD95-D1B7D99A84A7
30. 07. 2014 18:40 <DIR> Electronic Arts
26. 04. 2016 17:24 <DIR> Flexibooks 4
12. 02. 2016 08:54 <DIR> Flexibooks pro Windows
04. 10. 2012 15:05 <DIR> Hewlett-Packard
09. 08. 2015 09:29 <DIR> HitmanPro
04. 10. 2012 14:39 <DIR> install_clap
04. 10. 2012 14:24 <DIR> Intel
06. 11. 2016 00:59 <DIR> Malwarebytes
27. 02. 2016 17:44 <DIR> Microsoft Help
14. 11. 2015 11:27 <DIR> Norton
04. 10. 2012 14:59 <DIR> NortonInstaller
25. 01. 2015 20:34 <DIR> Origin
25. 05. 2015 17:04 <DIR> Pinnacle
30. 11. 2014 13:44 <DIR> PRICache
25. 04. 2016 20:33 <DIR> Promethean
13. 02. 2015 12:04 <DIR> Qualcomm Atheros
27. 02. 2016 17:41 <DIR> regid.1991-06.com.microsoft
12. 11. 2015 22:32 <DIR> Sibelius Software
21. 09. 2016 19:23 <DIR> Skype
04. 10. 2012 14:35 <DIR> Synaptics
04. 10. 2012 14:49 <DIR> Temp
09. 10. 2016 11:44 <DIR> Tencent
02. 08. 2016 09:28 <DIR> uckt
31. 05. 2016 09:49 <DIR> Uncheckit
27. 04. 2016 11:39 <DIR> vreXjvX
10. 11. 2016 21:57 <DIR> WinSAPSvc
12. 11. 2015 22:22 464 {17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
22. 08. 2012 10:35 <DIR> {BE4DD016-EE56-4AC8-9832-69281423A3D4}
1 File(s) 464 bytes
39 Dir(s) 486˙686˙203˙904 bytes free
========= End of CMD: =========
========= dir "%localappdata%" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Users\Lenka\AppData\Local
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
17. 03. 2016 08:14 <DIR> @ByELDI
20. 09. 2015 12:04 <DIR> Adobe
06. 01. 2015 12:38 <DIR> Apple
06. 01. 2015 12:42 <DIR> Apple Computer
20. 09. 2013 15:21 <DIR> Apps
24. 03. 2016 16:30 <DIR> Audacity
04. 02. 2015 19:59 <DIR> bluesoleil
05. 01. 2014 18:24 <DIR> CyberLink
12. 04. 2016 11:36 3˙584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
14. 11. 2015 11:35 <DIR> Deployment
12. 10. 2016 21:33 <DIR> Diagnostics
15. 04. 2016 13:43 <DIR> Disc_Soft_Ltd
16. 07. 2016 14:08 <DIR> ElevatedDiagnostics
02. 11. 2016 20:08 <DIR> Google
09. 10. 2016 11:51 <DIR> Gunone
10. 07. 2015 11:47 <DIR> GWX
18. 09. 2013 10:44 <DIR> Hewlett-Packard
05. 11. 2016 13:12 <DIR> Jarhair
16. 12. 2015 21:53 <DIR> Macromedia
31. 08. 2016 09:00 <DIR> Microsoft
28. 02. 2016 19:38 <DIR> Microsoft Help
27. 02. 2016 17:49 <DIR> Microsoft Toolkit
13. 09. 2015 21:21 <DIR> Mozilla
30. 07. 2014 18:47 <DIR> Origin
05. 08. 2015 13:36 <DIR> Packages
14. 11. 2015 11:32 <DIR> Programs
22. 02. 2015 16:00 7˙601 Resmon.ResmonCfg
18. 01. 2016 17:24 <DIR> Skype
19. 11. 2016 14:40 <DIR> Temp
04. 04. 2016 14:18 <DIR> VirtualStore
27. 04. 2016 11:36 <DIR> vreXjvX
2 File(s) 11˙185 bytes
31 Dir(s) 486˙686˙199˙808 bytes free
========= End of CMD: =========
========= dir "%appdata%" =========
Volume in drive C has no label.
Volume Serial Number is 04AC-0C2B
Directory of C:\Users\Lenka\AppData\Roaming
19. 11. 2016 14:42 <DIR> .
19. 11. 2016 14:42 <DIR> ..
25. 04. 2016 14:28 <DIR> ACTIV Software
05. 11. 2015 20:18 <DIR> Adobe
06. 01. 2015 13:02 <DIR> Apple Computer
24. 03. 2016 19:18 <DIR> Audacity
25. 05. 2015 17:06 <DIR> Avid
19. 03. 2016 15:54 <DIR> BSplayer
29. 09. 2013 12:53 <DIR> BSplayer Pro
26. 08. 2014 17:46 <DIR> CyberLink
31. 03. 2016 16:16 <DIR> DAEMON Tools Lite
30. 11. 2014 14:20 <DIR> Dropbox
21. 04. 2016 10:44 <DIR> eCyber
27. 04. 2016 11:40 <DIR> Elex-tech
26. 04. 2016 17:20 <DIR> Flexibooks 4
12. 02. 2016 08:54 <DIR> Flexibooks pro Windows
21. 09. 2013 11:46 <DIR> GRETECH
19. 09. 2013 18:36 <DIR> Hewlett-Packard
18. 09. 2013 10:44 <DIR> hpqlog
30. 11. 2014 14:14 <DIR> Identities
05. 02. 2015 22:19 <DIR> InstallShield
22. 09. 2013 11:26 <DIR> LibreOffice
18. 09. 2013 10:24 <DIR> Macromedia
07. 09. 2015 14:18 <DIR> Mozilla
25. 02. 2016 16:30 <DIR> Nvu
13. 08. 2014 09:26 <DIR> Origin
15. 04. 2016 13:44 <DIR> Promethean
25. 08. 2016 13:30 <DIR> setup1
05. 11. 2016 12:17 <DIR> Seznam.cz
12. 11. 2015 22:32 <DIR> Sibelius Software
19. 11. 2016 14:31 <DIR> Skype
09. 08. 2015 09:35 <DIR> SpeedFox
18. 09. 2013 09:52 <DIR> Synaptics
31. 05. 2016 09:49 <DIR> Uncheckit
04. 10. 2015 15:25 <DIR> uTorrent
26. 08. 2014 17:47 <DIR> WebApp
03. 05. 2014 19:43 <DIR> WinRAR
05. 07. 2016 15:44 <DIR> WinZiper
05. 11. 2016 12:30 <DIR> Wise Disk Cleaner
24. 01. 2015 15:01 <DIR> Wise Registry Cleaner
0 File(s) 0 bytes
40 Dir(s) 486˙686˙199˙808 bytes free
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11890475 B
Java, Flash, Steam htmlcache => 1302 B
Windows/system/drivers => 45903335 B
Edge => 0 B
Chrome => 683315374 B
Firefox => 109851928 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 316376 B
systemprofile32 => 302261856 B
LocalService => 1558 B
NetworkService => 23208252 B
Lenka => 26595786 B
RecycleBin => 372959582 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:44:51 ====
Re: Prosím o kontrolu
Zkuste ted smazat AdwCleanerem i slozky, ktere smazat nesly a nasledne pouzit MBAM vizte me predesle prispevky.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Přispějete na provoz fóra?