VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu, problém s SavePass

https://forum.viry.cz:443/viewtopic.php?t=146063

Stránka 1 z 2

Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:00
od patakuta
Dobrý den,prosím o kontrolu logu, mám problém s SavePass,
děkuji moc předem.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-09-15 18:29:13
Microsoft Windows 8.1
System drive C: has 367 GB (79%) free of 463 GB
Total RAM: 3982 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:23, on 15. 9. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SavePass 1.1\0eb47dd0-6b0f-4a96-9416-45f878ea0633-10.exe
C:\Program Files (x86)\CinemaP-1.9cV14.09\46e285ca-5961-40d6-9a99-596387629913-10.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8RheLxT-yDaQ0B8vQSjrhUdgFVtHvyueTNede_3_8Sf3oNGbezbCHt3NHTODjfw6lamj7CpquB2Sg-Lf8l
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
O4 - HKLM\..\Run: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - Startup: Microsoft Toolkit Final.lnk = C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Application Hosting service (Application Hosting) - Unknown owner - C:\ProgramData\Application Hosting\Application Hosting.exe
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: @oem13.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem80.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Disk Low-res (lehicewu) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Lenovo QuickControl Master Service (QuickControlMasterSvc) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
O23 - Service: Lenovo QuickControl Service (QuickControlService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WdsManPro Service (WdsManPro) - DTools LIMITED - C:\ProgramData\UWdsManProU\WdsManPro.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12899 bytes

======Listing Processes======






wininit.exe
winlogon.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\system32\ibmpmsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"C:\ProgramData\Application Hosting\Application Hosting.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k utcsvc
dashost.exe {be023d37-f260-441e-9c606c1cd17e9820}
taskeng.exe {B49AC59D-0DDC-40B5-A6B4-D4997EAF5E52}
taskeng.exe {AC2FE601-B632-4D99-A5DE-D19730871245}
"C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe"
"C:\Program Files (x86)\SavePass 1.1\0eb47dd0-6b0f-4a96-9416-45f878ea0633-10.exe" /rawdata=MOilLoxjfAEZt3BGVPijdLwgp/J3N2Udr5e+rCQIFakedQPm51+gQZv5R/VDQoP8trbZs1QaW2Fa6Ff9XRC14ats/AZjfZMGoD6HcHsLm8Evvux5CaiEvrlseUOH4TKPIgET5BhHG5xglf/0wSmDWPb5bO2tAKVkVdN3w8mBmvBmdbLumsGY1BXOw/b8B2JjKfmGBW6pLr+9SXpm3wNviS2KUkdFgB/W+mzgIuetX64UB+0i270Nvw0hvfrzqeXQ77+tOMHrPgrr8H46pDy0s1Hgzslb8pfRu2vqeEVghkKXJ8bWsgaHbNWOTVlOckwQSg/6HiP1lKZyusu8CmPEFyBs5MuisRvfE0o0ipaZmRgJHEEFBIZrCEg0DTVgMZ2jYat+nlUalwLk6e1jcuTuhfi6tWRjTJs30ClCwODfMQKDj60/IDjnkrqOB6eGDJ08+69o8up+CMd2nUXa69sVuqCrD3bLeKQFFsViLd483eT305M1nkc4z9syJzIdM8panCyglvisa6VdVnFrcC2fFwLcnobBoiWN6qwlis+DUmZJar/hup1sorDWD/dlaHdm+uJox3mo7pZ5/OwxRLu/pXQOXTgF1qfnxNw+fX29hWL2nYlfaxUehqCHLgeDUH+SPF8B6/cizbLboedKZTe8ROD01D934RNHm8+HWUfFuFdEVVrS4TG0dVMbTKn/5RCf7ke0MzV28huMjlXn3ouqc66eKlE4Bu3tx3NIrYAy321P8QwTpxhE9EkH3mDkN3ZMmG1CWNBvL1gZZplTCm+oU8ApQ86Lu/H1jeHHkppAkgOaq0v252aZUnijj0Rpv2sxh2npEIbgCnU3tVxWy3U2iw==
"C:\Program Files (x86)\CinemaP-1.9cV14.09\46e285ca-5961-40d6-9a99-596387629913-10.exe" /rawdata=exOyYIwU8FTU/+TsNy7clzZ2uWb9NyKZmrBpzQUcqFA/cb+kIR9/7zfW+czXb1H1D4MCPtHM6btKQRHOnvgBJnu5SviR6hTFf/hedDf5MW/xOlinKuSoW08ky30Zcpdd/2XcayvwhmrjEjm3HLLGxsTJbb9VFIYBoVNJ0xwHxfdB2SDJ3cj7SFMBlmJV9n57a1VJ87NeTB/CTdPeaNdONnH5234x00lFHWRqpF+JLgWlgklQDhEbjnRZHnY+X+EGptH/5vZe+xTC5TsWiDjSRXtwmTlUW+dg3ApwnJikJh+r2WiWnoAbqwmd56Ks6YcAxQcle/bTYwME3ORxjgTJmaAZJ7RKFk7OARnP6PRxFEFJUooqXcPqBGcPkGG7hVpKifNOEqnfkbPGweRl8eSJXI0+iRjL7sLi9JILPSBg/iKCOyskCSXXibaHi2RaBeYWu5rz0FeyXVmGkUB5T9BnnREcCygkeHd0LExOg6im8qwybTSe8WgUByTP19TsynXwOOpBzXk8kISMZFNhA/OJAEUvun9he9LPPaUhZBgZBZNRFx+nm9MK8mkWVPDV58fI4zcQ488XQHQRJIKpRsafUhMEu94o0HkTLUlVRC1FOSHsCd6zaUW0vZuOJe9khp50TbnyNRbI+hObndtccI8w511a8/vVDcxWeMpVXiuZxlFTkupZMe5cMyb5WKKl7aocVGriIVWHVsN6iTBw//wKmzzxEnM6Zen38FqzNUoQscvbt4vXPjtXaYf5eWeIqTc5BKIw45JnquyHrGXVNX+3syl9WD0ON3lFrTvlUY+ZdTlvq8FeAJKnlfVC/KGGv+Q3DsGc1XeQST15gnA6mc4BgQ==
"C:\Program Files (x86)\SavePass 1.1\0eb47dd0-6b0f-4a96-9416-45f878ea0633-6.exe" /rawdata=O/NQm9cuHGwblP1Kyla4JANiayXWOVlmP5fgU2NvhfIpLmsE5D+sNd4bpAWBO0eH8CKkXDZzYWXH9+VGqQ16FvISVuniNQgPQH7s8z6sl/r+trOng5k1GEzCvbX5eZKd8jNuEPCfFQf+1ubUNNpzz6wByaZkKfxZ97qNtuH1kqAHUdGf+EEs68Qv1w5M7SwchnGnfMdhf0d+TT6DPQwbrm8/DhnJeSYgvX94dODCNfVgW0DXwZuuRlvC6o/jX5hE6EmTNWdVzQnnYDN7hmJz0rOBtxtm3hK9qjlwIByT0hXEmNjo3Acw5K17lqyPVk/D7XXXufIPXAnE5jNMYI/mDwTVMFdj+yzn34rHF5AUMoTOq3jbl4sN23th9nScJ+9zpfPXNdTn7iuwwT8sLfu2GNiO4+TsFYB+OlrvWYgm5y/MUhrMtkrWdJfxcPQQATBDFq9vh7Ix1XYBD57NWE9g/fG/upCUAIC2HAO5pp7Lkdgtb9YVT4KedBMq8zG6PQXYLF255qt+js0auOVr/FOhqQwHZskUtWmv7bivuQIyxttI59pWkSrHox7ynY6KfExgBuqqSsJ1Ji7X3oeP2QbtynUZ4G9h5NE3TwuXXfhWsme9sxEUyuznNuj8XNnrAkrtUBGDQHsg1eHHGkXwwpXHZjSNDIW5iqp18HVGW2G3baHF5FifguZMalPaDHDZAo3FnaA72wo5MbmgqSbyhJCJte4dhsPJBtjNj2FJNclLUEZqCxuHsKZDVhMP2zWxnbgLrCqKsr/o1LJatWomHCnCDh3+BUrpfIJjqfZ/46xtTaay1e+HIL+CnGaw2emsVOKQy87TnMemKF3cVA65bnJ1MGW/7leGpip6FyTAnVN7X0jDZhVohjLHWyuVNKWaQhlM/NAOwBLtYrZSQGbiEjBbBvdabLZrm/efwDw1QJc8+wKi++U0H8RwgEEg1X8ElObR2NB8SwA3SHMykicxQ/Txc9xCr+xqzRpNl6RFtZMQjzy5xCJC+9RK7hr0PYV0PEXMd2Uk6X6HljgOJT9Vj26BEBTdagfWglRA0c9DMzRbY3fvt9grzsjVzbPSRE0PqIFDi12BIHQGywZymPuxGdxeWOXAscHhD4XJWPMZGR5hZppgBmNpjfT5cRhuDR4s+DkSdVVqlFLgKNzKeFnpBopzRW5Rbl2VyRHrZc0HJKnaUx2dbmMI0BM7KYkOeStfBg/SMXasKT5X68w62tUrShV43iKPQ0xgl765vcxCPf4LPYpTHO53J5LKF29aKvtNP6s7M4lKXpQ9bA6Uac3zlvnxsn+bNez4/zSLhKy+p/h7BXnCmwfkDfEYgKpLdtO0GbmWhV6h9QFR8lXa3rVkhnXohX+ibmcprVB4CDOCgQPRhkrVE1gIRw4OkXvE1quCDK5wlwah6ivjjaB00Q+qV6EU2W4WHpA2bGfOcILSGzLrujVboPbMGYTEa+RncZEbmrfQC1rAtHLW4nBRykrplCnpLopJHR2KmoXRKxpNfrfgc5odZtF71z1Qp2F50GXQrhwUnIrEjXIV9hUwWEl+4ShmtM5gz/X4+rUoAYntfTPx7OWYDvS9dnhCkSpgsmv+6X0BxLP8usoe+SPlYdUlL7bQaa8gmf+hVHphUkogvEwsIRm1ttXfwlURhSW/72o8dASOVLeJdVXcy60kBwMvTlaBkl1QBnSVcLR0ZnKopNwRLrl7NTZwfAtaznCzpjV7aVRcsD+rzMXLHOmsXKRdQoErub4e/12Daiv0Pk97Kp+ZX8pBMHEA7vctyyOs4knD+gjlPyPYqWpnknJDchRaiC9MEQj97x8P1Yay1fIlBzcYdxvOxaCY+uQNAMxNBHAmmup8bXKHlA0D3DxwZyzsrHt68nHHCHlNQEuS6ojHgBDyZEEJha6I8nDEahRAvdF/UYLaLt4BPnFKGuQpn1fS75TtBHRbsk7PL1daigNTpJTV9ES0yRKEaATGrvmT6xPq8EORZSHizC10pty4swENlBb56FNSqswI3/yE0ZLTMCHVhNDga2O+tDzfesUAr6R8SPsGYyXIPGFIyzvMUgjCLPeMcL2M5FusBJapK/zOKOI5rhVlfOytowKLTCTAiWJa80ji3Dbc8jIgkHSPGUVAxUwm7TgNOUEZW0axhvyqKbKtWXGQr/aRTvP3NM7xJtKvO1R3U4Fy9CBhoPhpnjDa9RTQ12Y5mIxlgjg13eOsN7QPdClD6eBkB3zI9177BiLJ8jk4C/DBFiggoWfxoUVJaG2JiNRbC3i1x7qWJ93k4sRimEIU91FMnuhTSsdIf4GH2C1X5kTmY1oBc6p4S2bGCcvYumczXKe1W4g2obxqlmJoUR1Ctts+6y8NRM4qzRsOdktw1yz8vu4Atd3JAoO/8dS/GTVdN9Z1nVg8dCwCxFMUbAYV2yEjx5UnmPma9s32QLldTUi8Hbs3ZI32Rf5m0Ni04Ztf5/MA8FIccfjH7tW3Wcv04bpxp0aa2EvmUgmyKX1ox3FBhnn1Q0HkaWCzMZ5zCzWUzLsQQKsoRROPkMcnVSxAtOmb8/likGccPDbtT8QP
"C:\Program Files (x86)\SavePass 1.1\0eb47dd0-6b0f-4a96-9416-45f878ea0633-1-6.exe" /rawdata=jsvPG/CJHfKOM8nK6TVgfNp7UK+z/CTqH8LHKKD2R7tXpDlD6NfDN6vdGsqvIGJeqiG0+4eyF4eyNApfnH983hhhBBT1bWCHJUz3+xaMVWjT4HPN8XAR0scJCd6sS3G8t04Cf2NXyu6PcYlkhOGqC4PCbHE6h09LfvRPBMsWK3oXS7cJthpR+gGzCHhcfYVAwSVEJjBC/6EyjbOvQYSAZuslY3DEmS1HVrjJHe3BMmkhpO7sQhzPp4m+nQ3TnYahJZJPVyNHZbqloaD6+xb+Vhq9oiq9z9jzzXyw2I/3Fhmf1PLPodpxCfalfh7kmMMLhws89KA1rLjcsDV4kbF+G0UCZEZx/zdTSMYCPHYuKKz4EuwDLqhNh8UKOS924yZ2gG00bt1ZGHgv+BxswKq57iuWYEXA8VzTFD3+4EYCS2EeG1TTPJHfDycHp+GT6wCEPN32LnypEaCLyrPyO9KcnnTaYCuMw5f83RgMQ6qrfeWcwAPO5BJ0/xSLjCZ0PzXTXBaJBsP7Dwm1rtzyPpMDNOsVTz7hYGQ8gFbKyAnNROGbcRhKwDQePH5DIdpHcvG/SkTnNmyNS/lFGf5kgBOyzzt1ADR8dJ1e+CaM5Fzy7gNiPa85VF75H7NXikl0BHSsG4RE9L7VVW4bmfuL5rrRi9M4t1DFFSJVlNbSzoPPg1Uw4bs/kQad+XL+QIB/VuWM01fwdr9tomYIP1yuVd7avUfPviL4amfjf6DGxKyfsn2QhEAca5ZfvMhjic+s64qEKWNzKb7HEAVvmDDVg3ZsyOCiONre/jX4sQCtRBvNveX7FLtvunxSrhw98F7gITWwbcO4om+3UZb5Vhln4UoyeZBz/W3JN9VX12px+JSjjXznR2MTi0FjrvaQ0lLuoZ0iy2RaTcBxdF7AfO2gTY5lGI2RY0kze66snVsQ+uCTwmcXgDld1ZQqHjfYexC9Kz2/G/m/rnU1dFDbnUTyPn03x0sIN3uAir0+Z5guYq4PL/L6zUUX90pzXx2HSOIQsv3AICmHUeGOm/Hdh8DvLTN3SDO0brAkgJmo9/pTJdLAbku3hI6Q3cTh4iTR2PlnVtw8C/UmFIbEi///tWkezcpVOSS6ZuLuVRFXO3lAaUqy4ESFeioO4zF4JBYWMb0mQKRlWoRCgP89TYRFHG0Sibam+be1/8o86R37oFj5ntcpOcCVuxn3WxhJ6iYymgvP0DGKKL6zIJSa0x14Nn3JgviwpjiE7fiNSXdnDrp5xAKgpXnIB+qXAeeJj6OCBOuFUUIl2pvgAGLppfg0fDuHwHNvgUrNetjs0NvOtN55IAsHRYIl7fYfWPetizzUZrYFB0e/ZLEiFbUxDErM18KKNtd8AA==
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\5FDCB981-1442246806-11CB-ADD9-9EC32BD2304A\jnsv92E0.tmp"
"C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\ProgramData\UWdsManProU\WdsManPro.exe -service
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe"
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe" -default
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe"
\??\C:\windows\system32\conhost.exe 0x4
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe" /c /a /s UserSession
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe"
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "0x1244_0x7e0_0x5cf12004"
"C:\Program Files\CCleaner\CCleaner.exe" /uac
"C:\windows\system32\taskmgr.exe" /0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3928.0.687412979\1710851612" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0156 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group25 stable:pp1 prefetch_results:1 reuse_instant_search_base_page:1/*EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3928.2.1053008564\912914213" --font-cache-shared-handle=2232 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group25 stable:pp1 prefetch_results:1 reuse_instant_search_base_page:1/*EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3928.3.618990033\1503247593" --font-cache-shared-handle=2428 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3928.6.1556829326\1927760673" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group25 stable:pp1 prefetch_results:1 reuse_instant_search_base_page:1/*EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3928.7.717631692\517441315" --font-cache-shared-handle=5200 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group25 stable:pp1 prefetch_results:1 reuse_instant_search_base_page:1/*EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3928.8.1233835611\2024131388" --font-cache-shared-handle=5896 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group25 stable:pp1 prefetch_results:1 reuse_instant_search_base_page:1/*EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3928.9.1105837786\170709700" --font-cache-shared-handle=1880 /prefetch:673131151
"C:\totalcmd\TOTALCMD64.EXE"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
"C:\Users\Petr\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\Launch 22503.job - C:\Program Files (x86)\YTDownloader\YTDownloader.exe /install /rnd=9176

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10 1042744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2015-07-14 2335960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10 1042744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LenovoOptMouseUpdate"=C:\Program Files\Lenovo\HOTKEY\extapsup.exe [2014-11-07 341448]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-13 13653208]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-09-26 391152]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-09-26 771056]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-09-26 769520]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2013-09-05 601080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\Petr\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2015-01-01 10232648]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2013-07-12 383768]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331STI.EXE [2013-03-12 548864]
"Fastboot"=C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [2014-05-15 750320]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Toolkit Final.lnk - C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-09-26 623104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-09-15 18:29:14 ----D---- C:\Program Files\trend micro
2015-09-15 18:29:13 ----D---- C:\rsit
2015-09-14 18:14:05 ----D---- C:\ProgramData\UWdsManProU
2015-09-14 18:14:05 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-14 18:13:37 ----D---- C:\Users\Petr\AppData\Roaming\istartsurf
2015-09-14 18:07:28 ----D---- C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
2015-09-14 18:07:02 ----D---- C:\Program Files (x86)\SavePass 1.1
2015-09-14 18:06:46 ----D---- C:\Program Files (x86)\5FDCB981-1442246806-11CB-ADD9-9EC32BD2304A
2015-09-14 18:04:57 ----D---- C:\Users\Petr\AppData\Roaming\Mozilla
2015-09-14 18:04:52 ----D---- C:\ProgramData\Gravelexs
2015-09-14 18:04:44 ----D---- C:\ProgramData\Gravelex
2015-09-14 18:04:37 ----D---- C:\ProgramData\Application Hosting
2015-09-14 18:04:27 ----D---- C:\Program Files\Controller
2015-09-14 18:00:43 ----D---- C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 18:00:30 ----D---- C:\Program Files (x86)\CinemaP-1.9cV14.09
2015-09-10 17:53:54 ----A---- C:\windows\SYSWOW64\InkEd.dll
2015-09-10 17:53:54 ----A---- C:\windows\system32\InkEd.dll
2015-09-10 17:53:52 ----A---- C:\windows\SYSWOW64\msxml6.dll
2015-09-10 17:53:52 ----A---- C:\windows\SYSWOW64\msxml3.dll
2015-09-10 17:53:52 ----A---- C:\windows\system32\msxml6.dll
2015-09-10 17:53:52 ----A---- C:\windows\system32\msxml3.dll
2015-09-10 17:53:51 ----A---- C:\windows\SYSWOW64\taskeng.exe
2015-09-10 17:53:51 ----A---- C:\windows\SYSWOW64\schtasks.exe
2015-09-10 17:53:51 ----A---- C:\windows\system32\taskeng.exe
2015-09-10 17:53:51 ----A---- C:\windows\system32\schtasks.exe
2015-09-10 17:53:51 ----A---- C:\windows\system32\schedsvc.dll
2015-09-10 17:53:50 ----A---- C:\windows\system32\Windows.UI.Immersive.dll
2015-09-10 17:53:49 ----A---- C:\windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-10 17:53:49 ----A---- C:\windows\system32\SettingSync.dll
2015-09-10 17:53:49 ----A---- C:\windows\system32\authui.dll
2015-09-10 17:53:48 ----A---- C:\windows\SYSWOW64\shacct.dll
2015-09-10 17:53:48 ----A---- C:\windows\SYSWOW64\SettingSync.dll
2015-09-10 17:53:48 ----A---- C:\windows\SYSWOW64\authui.dll
2015-09-10 17:53:48 ----A---- C:\windows\system32\shacct.dll
2015-09-10 17:53:45 ----A---- C:\windows\system32\mshtml.dll
2015-09-10 17:53:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-09-10 17:53:41 ----A---- C:\windows\system32\ieframe.dll
2015-09-10 17:53:40 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-09-10 17:53:39 ----A---- C:\windows\system32\jscript9.dll
2015-09-10 17:53:38 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-09-10 17:53:38 ----A---- C:\windows\system32\iertutil.dll
2015-09-10 17:53:37 ----A---- C:\windows\system32\wininet.dll
2015-09-10 17:53:36 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-09-10 17:53:36 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-09-10 17:53:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-09-10 17:53:36 ----A---- C:\windows\system32\urlmon.dll
2015-09-10 17:53:35 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-09-10 17:53:35 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-09-10 17:53:35 ----A---- C:\windows\system32\vbscript.dll
2015-09-10 17:53:35 ----A---- C:\windows\system32\jscript.dll
2015-09-10 17:53:35 ----A---- C:\windows\system32\iedkcs32.dll
2015-09-10 17:53:35 ----A---- C:\windows\system32\ie4uinit.exe
2015-09-10 17:53:34 ----A---- C:\windows\SYSWOW64\webcheck.dll
2015-09-10 17:53:34 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-09-10 17:53:34 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-09-10 17:53:34 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-09-10 17:53:34 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-09-10 17:53:34 ----A---- C:\windows\system32\webcheck.dll
2015-09-10 17:53:34 ----A---- C:\windows\system32\msfeeds.dll
2015-09-10 17:53:34 ----A---- C:\windows\system32\inetcomm.dll
2015-09-10 17:53:34 ----A---- C:\windows\system32\ieapfltr.dll
2015-09-10 17:53:31 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-09-10 17:53:31 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-09-10 17:53:31 ----A---- C:\windows\system32\win32k.sys
2015-09-10 17:53:31 ----A---- C:\windows\system32\atmlib.dll
2015-09-10 17:53:31 ----A---- C:\windows\system32\atmfd.dll
2015-09-10 17:53:02 ----A---- C:\windows\SYSWOW64\appidapi.dll
2015-09-10 17:53:02 ----A---- C:\windows\system32\appidsvc.dll
2015-09-10 17:53:02 ----A---- C:\windows\system32\appidapi.dll
2015-09-04 17:22:38 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-09-04 17:22:38 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-09-04 17:22:38 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\wuwebv.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\wudriver.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\wucltux.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\wuaueng.dll
2015-09-04 17:22:38 ----A---- C:\windows\system32\wuauclt.exe
2015-09-04 17:22:38 ----A---- C:\windows\system32\wuapi.dll
2015-09-04 17:22:37 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-09-04 17:22:37 ----A---- C:\windows\system32\wuapp.exe
2015-08-24 12:06:24 ----A---- C:\windows\system32\tpinspm.dll
2015-08-24 12:06:24 ----A---- C:\windows\system32\ibmpmsvc.exe
2015-08-24 12:06:24 ----A---- C:\windows\system32\ibmpmctl.exe
2015-08-24 12:06:24 ----A---- C:\windows\system32\drivers\ibmpmdrv.sys
2015-08-19 21:06:58 ----A---- C:\windows\SYSWOW64\tdh.dll
2015-08-19 21:06:58 ----A---- C:\windows\system32\UtcResources.dll
2015-08-19 21:06:58 ----A---- C:\windows\system32\tdh.dll
2015-08-19 21:06:58 ----A---- C:\windows\system32\diagtrack.dll
2015-08-19 21:06:57 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-08-19 21:06:57 ----A---- C:\windows\system32\gdi32.dll
2015-08-19 21:06:52 ----A---- C:\windows\system32\consent.exe
2015-08-19 21:06:41 ----A---- C:\windows\system32\SettingsHandlers.dll
2015-08-19 21:06:41 ----A---- C:\windows\system32\profsvc.dll
2015-08-19 21:06:17 ----A---- C:\windows\system32\tzsync.exe
2015-08-19 21:06:15 ----A---- C:\windows\system32\drivers\bthpan.sys

======List of files/folders modified in the last 1 month======

2015-09-15 18:29:21 ----D---- C:\windows\Prefetch
2015-09-15 18:29:14 ----RD---- C:\Program Files
2015-09-15 18:19:10 ----D---- C:\Windows
2015-09-15 18:19:07 ----D---- C:\windows\Temp
2015-09-15 18:15:16 ----D---- C:\windows\system32\sru
2015-09-15 16:34:42 ----D---- C:\windows\Inf
2015-09-15 16:34:41 ----D---- C:\windows\SoftwareDistribution
2015-09-15 16:32:03 ----D---- C:\windows\Tasks
2015-09-15 16:32:03 ----D---- C:\windows\system32\Tasks
2015-09-15 16:28:46 ----A---- C:\windows\SYSWOW64\log.txt
2015-09-15 16:24:44 ----SHD---- C:\System Volume Information
2015-09-14 18:54:07 ----D---- C:\Users\Petr\AppData\Roaming\TeamViewer
2015-09-14 18:53:56 ----D---- C:\windows\debug
2015-09-14 18:34:39 ----RD---- C:\Program Files (x86)
2015-09-14 18:29:58 ----D---- C:\windows\system32\drivers\etc
2015-09-14 18:19:40 ----D---- C:\Program Files (x86)\globalUpdate
2015-09-14 18:14:05 ----HD---- C:\ProgramData
2015-09-14 18:11:12 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-09-14 18:11:06 ----D---- C:\Program Files (x86)\Seznam.cz
2015-09-14 18:08:56 ----D---- C:\Mrdník
2015-09-14 18:07:32 ----D---- C:\Program Files (x86)\166661be-d50c-4e96-95a3-0e3ca97841e0
2015-09-14 18:07:15 ----SHD---- C:\windows\Installer
2015-09-14 18:07:14 ----D---- C:\Program Files (x86)\Common Files
2015-09-14 18:05:59 ----RD---- C:\windows\System32
2015-09-14 18:04:52 ----D---- C:\windows\SysWOW64
2015-09-13 08:18:23 ----D---- C:\windows\AppReadiness
2015-09-10 21:47:35 ----D---- C:\windows\Microsoft.NET
2015-09-10 21:46:28 ----RSD---- C:\windows\assembly
2015-09-10 20:31:07 ----D---- C:\windows\system32\config
2015-09-10 18:27:32 ----D---- C:\windows\WinSxS
2015-09-10 18:23:33 ----D---- C:\windows\PolicyDefinitions
2015-09-10 18:23:33 ----D---- C:\Program Files\Internet Explorer
2015-09-10 18:23:33 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 18:15:31 ----D---- C:\ProgramData\Microsoft Help
2015-09-10 18:13:55 ----D---- C:\windows\CbsTemp
2015-09-10 18:12:26 ----D---- C:\windows\system32\catroot2
2015-09-10 18:11:17 ----D---- C:\Program Files\Windows Journal
2015-09-10 18:08:29 ----A---- C:\windows\win.ini
2015-09-10 18:04:11 ----D---- C:\windows\system32\MRT
2015-09-04 17:24:36 ----D---- C:\windows\system32\en-US
2015-09-04 17:24:36 ----D---- C:\windows\system32\cs-CZ
2015-09-04 15:58:26 ----D---- C:\Users\Petr\AppData\Roaming\MyPhoneExplorer
2015-08-28 20:05:49 ----D---- C:\windows\system32\drivers
2015-08-28 20:04:54 ----D---- C:\windows\system32\DriverStore
2015-08-28 19:30:23 ----D---- C:\Program Files\CCleaner
2015-08-26 18:37:02 ----A---- C:\windows\system32\MRT.exe
2015-08-19 21:19:22 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-08-19 21:07:08 ----D---- C:\windows\SYSWOW64\en-US
2015-08-19 21:07:08 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-08-18 16:19:59 ----HD---- C:\Program Files\WindowsApps
2015-08-16 20:23:47 ----D---- C:\Program Files (x86)\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Fastboot;Fastboot; C:\windows\System32\DRIVERS\fastboot.sys [2014-05-15 65928]
R0 pwdrvio;pwdrvio; C:\windows\system32\pwdrvio.sys [2013-09-30 19152]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\windows\system32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [2015-07-11 1620720]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [2015-07-23 1650936]
R1 ccSet_NIS;NIS Settings Manager; C:\windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [2015-07-11 173808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-07-27 498512]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150914.001\IDSvia64.sys [2015-08-30 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\system32\drivers\NISx64\1605020.00F\SRTSP64.SYS [2015-07-11 926448]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [2015-07-11 50936]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [2015-07-11 297720]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\system32\drivers\NISx64\1605020.00F\SYMNETS.SYS [2015-07-11 576248]
R1 TPPWRIF;TPPWRIF; C:\windows\System32\drivers\Tppwr64v.sys [2013-09-04 20736]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 AmUStor;@oem6.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\windows\system32\drivers\AmUStor.SYS [2013-06-25 109336]
R3 bcbtums;@oem13.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\windows\system32\drivers\bcbtums.sys [2013-08-07 170712]
R3 BCM43XX;@oem15.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl63a.sys [2014-05-15 7474864]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\System32\drivers\BthEnum.sys [2015-06-10 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2015-06-10 81920]
R3 btwampfl;@oem13.inf,%btwampfl.ServiceName%;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2013-09-05 166104]
R3 btwaudio;@oem9.inf,%btaudio.SvcDesc%;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2013-07-11 186584]
R3 btwavdt;@oem9.inf,%btwavdt.SvcDesc%;Bluetooth AVDT; C:\windows\System32\drivers\btwavdt.sys [2013-07-11 228568]
R3 btwl2cap;@oem12.inf,%btwl2cap.SVCDESC%;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2012-07-27 40248]
R3 btwrchid;btwrchid; C:\windows\System32\drivers\btwrchid.sys [2013-07-11 38616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-07-27 153936]
R3 IBMPMDRV;IBMPMDRV; C:\windows\system32\DRIVERS\ibmpmdrv.sys [2015-08-24 74432]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2013-09-26 4177920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-09-13 3641688]
R3 IntcDAud;@oem17.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2013-09-26 449528]
R3 iwdbus;@oem20.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2013-08-23 26008]
R3 MEIx64;@oem21.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\ENG64.SYS [2015-05-20 138488]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\EX64.SYS [2015-05-20 2146040]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RTL8168;@oem27.inf,%rtl8168.Service.DispName%;Inventec 8168 NT Driver; C:\windows\system32\DRIVERS\rtlh64.sys [2015-01-21 681688]
R3 SmbDrvI;SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-08-14 34544]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2015-08-02 111344]
R3 SynTP;@oem4.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-08-14 527600]
R3 vm331avs;@oem16.inf,%USBCamera.DeviceDesc2%;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2013-09-11 1065344]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 SymELAM;Symantec ELAM Driver; C:\windows\system32\drivers\NISx64\1605020.00F\SymELAM.sys [2015-07-11 24192]
S2 SPDRIVER_1470.0.0.0;SPDRIVER_1470.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1470.0.0.0\jsdrv.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2015-06-10 1201664]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys []
S3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
S3 pwdspio;pwdspio; \??\C:\windows\system32\pwdspio.sys [2013-09-30 12504]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2013-08-22 20992]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Hosting;Application Hosting service; C:\ProgramData\Application Hosting\Application Hosting.exe [2015-09-10 49152]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2013-09-05 976600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 FastbootService;FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2014-05-15 140016]
R2 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-23 43696]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-07-16 244392]
R2 IBMPMSVC;@oem80.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\windows\system32\ibmpmsvc.exe [2015-08-24 156912]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-09-16 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 lehicewu;Disk Low-res; C:\Program Files (x86)\5FDCB981-1442246806-11CB-ADD9-9EC32BD2304A\jnsv92E0.tmp [2015-09-14 181760]
R2 Lenovo Settings Service;Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2013-08-02 2045944]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-11-21 584960]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2014-07-08 115184]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 LocationTaskManager;Location Task Manager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2013-06-22 465912]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [2015-07-16 282016]
R2 QuickControlMasterSvc;Lenovo QuickControl Master Service; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2013-07-17 59384]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-15 5426448]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 124400]
R3 QuickControlService;Lenovo QuickControl Service; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2013-07-17 138232]
S2 BcmBtRSupport;@oem13.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\windows\system32\BtwRSupportService.exe [2013-08-07 2252504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AVControlCenter;AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [2013-09-05 573432]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2013-09-26 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-12-05 619776]
S3 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller; C:\Program Files\Lenovo\Communications Utility\cammute.exe [2013-09-05 511992]
S3 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface; C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe [2013-09-05 511992]
S3 LENOVO.TVTVCAM;Lenovo AVFramework Virtual Camera Controller Service; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-09-05 694776]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-03-09 272440]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 Power Manager DBC Service;Lenovo Settings Power Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2013-09-04 1668904]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2015-03-27 49136]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-12-11 111048]

-----------------EOF-----------------

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:14
od altrok
Krasny den Vam preju :bye:


:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Cleaning
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:32
od patakuta
# AdwCleaner v5.007 - Logfile created 15/09/2015 at 19:26:58
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Petr - PETR
# Running from : C:\Users\Petr\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Application Hosting
[-] Service Deleted : WdsManPro
[-] Service Deleted : lehicewu
[-] Service Deleted : SPDRIVER_1470.0.0.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Controller
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Sense
[-] Folder Deleted : C:\Program Files (x86)\supporter
[-] Folder Deleted : C:\Program Files (x86)\DeltaFix
[-] Folder Deleted : C:\Program Files (x86)\SavePass 1.1
[!] Folder Not Deleted : C:\Program Files (x86)\SavePass 1.1
[-] Folder Deleted : C:\Program Files (x86)\uonnIsaLesi
[-] Folder Deleted : C:\Program Files (x86)\5FDCB981-1442246806-11CB-ADD9-9EC32BD2304A
[-] Folder Deleted : C:\Program Files (x86)\CinemaP-1.9cV14.09
[!] Folder Not Deleted : C:\Program Files (x86)\SavePass 1.1
[!] Folder Not Deleted : C:\Program Files (x86)\Sense
[-] Folder Deleted : C:\ProgramData\Application Hosting
[-] Folder Deleted : C:\ProgramData\14914381252365429193
[-] Folder Deleted : C:\ProgramData\UWdsManProU
[-] Folder Deleted : C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}
[-] Folder Deleted : C:\Users\Petr\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Petr\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Petr\AppData\Local\5FDCB981-1442254048-11CB-ADD9-9EC32BD2304A
[-] Folder Deleted : C:\Users\Petr\AppData\LocalLow\GoHD
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\istartsurf
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\pdfforge
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\Systweak

***** [ Files ] *****

[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\windows\Sysnative\roboot64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Installer_ytd
[-] Task Deleted : ShopperPro
[-] Task Deleted : ShopperProJSUpd
[-] Task Deleted : SPDriver
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : snp
[-] Task Deleted : snf
[-] Task Deleted : Launch 22503

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [GoHD-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\303609ee-b738-4c33-ab98-3b089df5f2c8
[-] Key Deleted : HKLM\SOFTWARE\3eb8d8f1-edd0-4820-8a86-23792d671a65
[-] Key Deleted : HKLM\SOFTWARE\5b76e92b-178e-4bce-90f7-5e00b7937577
[-] Key Deleted : HKLM\SOFTWARE\732c2868-7d7d-4a16-b753-7a688299a583
[-] Key Deleted : HKLM\SOFTWARE\97b88b4c-fc9c-47e5-8e3a-f1712345ee47
[-] Key Deleted : HKLM\SOFTWARE\f8f48787-c6d9-44ce-970d-7c2d3de7104a
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43f9308e-d7cf-494b-a6e6-2e804bd32131}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ff85064-bc73-4a40-927b-0033c4e8b13a}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b4df98e-068f-4e9b-9ed3-e2649d611230}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de930f91-8e17-411b-9516-cbbe1b1b880d}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43f9308e-d7cf-494b-a6e6-2e804bd32131}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6ff85064-bc73-4a40-927b-0033c4e8b13a}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b4df98e-068f-4e9b-9ed3-e2649d611230}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de930f91-8e17-411b-9516-cbbe1b1b880d}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Pokki
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV14.09
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV14.09
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Pokki
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\OB
[!] Key Not Deleted : [x64] HKCU\Software\CinemaP-1.9cV14.09
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Sense
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12136 bytes] ##########

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:33
od altrok
:arrow: Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:47
od patakuta
Chrome mi bohužel blokuje stažení http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe
Zakázal jsem Norton, ale prohlížeč mne nechce pustit...

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:48
od altrok
Spustte tedy jen samotny FRST64.exe

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 18:57
od patakuta
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Petr (administrator) on PETR (15-09-2015 19:54:09)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [601080 2013-09-05] (Lenovo Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2013-07-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-05-15] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Toolkit Final.lnk [2015-01-13]
ShortcutTarget: Microsoft Toolkit Final.lnk -> C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E4A89FFE-DF86-42A1-AF88-D8B92EF9DA7A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8RheLxT-yDaQ0B8vQSjrhUdgFVtHvyueTNede_3_8Sf3oNGbezbCHt3NHTODjfw6lamj7CpquB2Sg-Lf8l
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3072794237-2395381329-2881868175-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-09-15]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-09-15]
CHR Extension: (AdBlock) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-14]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2015-09-15]
CHR Extension: (Norton™ Family) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2015-09-15]
CHR Extension: (Norton Safe) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-02]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-09-05] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-05] (Broadcom Corporation.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-05-15] (Lenovo)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2045944 2013-08-02] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [694776 2013-09-05] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [465912 2013-06-22] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59384 2013-07-17] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [138232 2013-07-17] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-05-15] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-05-15] (Windows (R) Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150914.001\IDSvia64.sys [767224 2015-08-30] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 19:54 - 2015-09-15 19:54 - 00022030 _____ C:\Users\Petr\Desktop\FRST.txt
2015-09-15 19:53 - 2015-09-15 19:54 - 00000000 ____D C:\FRST
2015-09-15 19:53 - 2015-09-15 19:40 - 02191360 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2015-09-15 19:45 - 2015-09-15 19:45 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Downloads\Nepotvrzeno 254265.crdownload
2015-09-15 19:40 - 2015-09-15 19:40 - 02191360 _____ (Farbar) C:\Users\Petr\Downloads\FRST64.exe
2015-09-15 19:26 - 2015-09-15 19:26 - 00000000 ____D C:\AdwCleaner
2015-09-15 19:25 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Desktop\adwcleaner_5.007.exe
2015-09-15 19:23 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Downloads\adwcleaner_5.007.exe
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\rsit
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\Program Files\trend micro
2015-09-15 18:28 - 2015-09-15 18:28 - 01222144 _____ C:\Users\Petr\Downloads\RSITx64.exe
2015-09-15 18:16 - 2015-09-15 18:16 - 01307339 _____ C:\Users\Petr\Downloads\KMSpico V10.1.6 Portable By nova-s.zip
2015-09-15 16:35 - 2015-09-15 19:39 - 00000414 _____ C:\windows\setupact.log
2015-09-15 16:35 - 2015-09-15 16:35 - 00000000 _____ C:\windows\setuperr.log
2015-09-14 18:14 - 2015-09-14 18:14 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-14 18:07 - 2015-09-14 18:07 - 00000000 ____D C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
2015-09-14 18:04 - 2015-09-14 18:19 - 00000000 ____D C:\ProgramData\Gravelex
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_vgx43evl
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_hyqxx21x
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_1h0ojtt5
2015-09-14 18:04 - 2015-09-14 18:04 - 00002385 _____ C:\windows\SysWOW64\findit.xml
2015-09-14 18:04 - 2015-09-14 18:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Mozilla
2015-09-14 18:04 - 2015-09-14 18:04 - 00000000 ____D C:\ProgramData\Gravelexs
2015-09-14 18:02 - 2015-09-14 18:04 - 00002302 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-09-14 18:02 - 2015-09-14 18:04 - 00002302 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-09-14 18:02 - 2015-09-14 18:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:02 - 2015-09-14 18:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:00 - 2015-09-15 16:25 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-14 18:00 - 2015-09-14 18:00 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-10 17:53 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-10 17:53 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-10 17:53 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-10 17:53 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-10 17:53 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-10 17:53 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-10 17:53 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-10 17:53 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-10 17:53 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-10 17:53 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-10 17:53 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-10 17:53 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-10 17:53 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-10 17:53 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-10 17:53 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-10 17:53 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-10 17:53 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-10 17:53 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-09-10 17:53 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-10 17:53 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-10 17:53 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-10 17:53 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-10 17:53 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-10 17:53 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-10 17:53 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-09-10 17:53 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-10 17:53 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-09-10 17:53 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-10 17:53 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-10 17:53 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-10 17:53 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-10 17:53 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-10 17:53 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-10 17:53 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-10 17:53 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-10 17:53 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-10 17:53 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-10 17:53 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-10 17:53 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\schtasks.exe
2015-09-10 17:53 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
2015-09-10 17:53 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-10 17:53 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
2015-09-10 17:53 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskeng.exe
2015-09-10 17:53 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-10 17:53 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-10 17:53 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-10 17:53 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2015-09-10 17:53 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-10 17:53 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 17:53 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2015-09-10 17:53 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2015-09-10 17:53 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2015-09-10 17:53 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2015-09-06 10:29 - 2015-09-06 10:29 - 00000000 ____D C:\Users\Petr\AppData\Local\PDFCreator
2015-09-04 17:22 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-04 17:22 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-04 17:22 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-04 17:22 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-04 17:22 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-04 17:22 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-01 18:55 - 2015-09-01 18:58 - 306469243 _____ C:\Users\Petr\Downloads\zlata-svatba (2).zip
2015-08-28 19:29 - 2015-08-28 19:29 - 06667640 _____ (Piriform Ltd) C:\Users\Petr\Downloads\ccsetup509.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00156912 _____ (Lenovo.) C:\windows\system32\ibmpmsvc.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00082664 _____ (Lenovo.) C:\windows\system32\ibmpmctl.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00074432 _____ (Lenovo.) C:\windows\system32\Drivers\ibmpmdrv.sys
2015-08-24 12:06 - 2015-08-24 12:06 - 00050928 _____ (Lenovo.) C:\windows\system32\tpinspm.dll
2015-08-19 21:06 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-19 21:06 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-19 21:06 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-08-19 21:06 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-08-19 21:06 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\tzsync.exe
2015-08-19 21:06 - 2015-07-13 21:10 - 00411455 _____ C:\windows\system32\ApnDatabase.xml
2015-08-19 21:06 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2015-08-19 21:06 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-08-19 21:06 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-08-19 21:06 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-08-19 21:06 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-08-19 21:06 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 19:32 - 2015-01-14 18:34 - 00000966 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 19:29 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-15 19:25 - 2015-01-13 16:05 - 00000000 ____D C:\Users\Petr\Documents\Soubory aplikace Outlook
2015-09-15 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-09-15 17:35 - 2015-01-13 07:55 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3072794237-2395381329-2881868175-1001
2015-09-15 16:50 - 2015-08-02 12:45 - 00033792 ___SH C:\Users\Petr\Desktop\Thumbs.db
2015-09-15 16:50 - 2015-01-13 13:03 - 00000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2015-09-15 16:32 - 2015-01-13 08:00 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{5F01318A-3608-47A0-89E4-36668DEB0483}
2015-09-15 07:08 - 2015-01-14 18:34 - 00000970 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 19:50 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-09-14 18:54 - 2015-01-15 17:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\TeamViewer
2015-09-14 18:42 - 2015-01-13 07:49 - 00001437 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-14 18:39 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-09-14 18:37 - 2015-01-14 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-14 18:08 - 2015-01-12 20:01 - 00000000 ____D C:\Mrdník
2015-09-14 18:07 - 2015-08-02 11:17 - 00000000 ____D C:\Users\Petr\AppData\Local\NPE
2015-09-14 18:07 - 2015-01-13 13:49 - 00000000 ____D C:\Program Files (x86)\166661be-d50c-4e96-95a3-0e3ca97841e0
2015-09-14 18:02 - 2015-01-13 07:58 - 00002322 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-09-13 14:24 - 2015-01-13 08:01 - 00000000 ____D C:\Users\Petr\AppData\Local\Google
2015-09-13 08:18 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-10 18:26 - 2013-08-22 16:44 - 00484344 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 18:23 - 2013-08-22 17:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-10 18:15 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 18:14 - 2015-01-13 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-10 18:13 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-09-10 18:11 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 18:08 - 2013-08-22 15:25 - 00000199 _____ C:\windows\win.ini
2015-09-10 18:04 - 2015-01-12 19:38 - 00000000 ____D C:\windows\system32\MRT
2015-09-04 15:58 - 2015-01-15 17:08 - 00000000 ____D C:\Users\Petr\AppData\Roaming\MyPhoneExplorer
2015-08-31 16:03 - 2015-01-14 18:34 - 00003942 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 16:03 - 2015-01-14 18:34 - 00003706 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 19:30 - 2015-01-12 17:39 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-28 19:30 - 2015-01-12 17:39 - 00000000 ____D C:\Program Files\CCleaner
2015-08-26 18:37 - 2015-01-12 19:38 - 134753440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-20 20:03 - 2015-01-13 13:21 - 00003086 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3072794237-2395381329-2881868175-1001
2015-08-20 20:03 - 2015-01-13 13:21 - 00000000 ___RD C:\Users\Petr\OneDrive
2015-08-19 21:19 - 2014-05-15 23:58 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-08-19 21:19 - 2014-05-15 23:58 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-08-19 21:19 - 2013-10-07 20:27 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-16 20:23 - 2015-01-15 16:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2015-01-13 07:50 - 2015-01-16 15:48 - 0001532 _____ () C:\Users\Petr\AppData\Roaming\AbsoluteReminder.xml
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Petr\AppData\Roaming\USy2CCOlv8Q9kg8r1H
2015-09-14 18:04 - 2015-09-14 18:04 - 0000187 _____ () C:\Users\Petr\AppData\Local\High-dexon.exe.config
2015-01-13 07:49 - 2015-01-13 07:50 - 0000193 _____ () C:\Users\Petr\AppData\Local\RegisteredPackageInformation.xml
2014-05-15 23:08 - 2014-05-15 23:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-14 18:14 - 2015-09-14 18:14 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Petr\AppData\Local\Temp\1077.exe
C:\Users\Petr\AppData\Local\Temp\23.exe
C:\Users\Petr\AppData\Local\Temp\379.exe
C:\Users\Petr\AppData\Local\Temp\8178.exe
C:\Users\Petr\AppData\Local\Temp\sqlite3.dll
C:\Users\Petr\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-31 22:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Petr (2015-09-15 19:54:58)
Running from C:\Users\Petr\Desktop
Windows 8.1 (X64) (2015-01-13 05:48:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3072794237-2395381329-2881868175-500 - Administrator - Disabled)
Guest (S-1-5-21-3072794237-2395381329-2881868175-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3072794237-2395381329-2881868175-1003 - Limited - Enabled)
Petr (S-1-5-21-3072794237-2395381329-2881868175-1001 - Administrator - Enabled) => C:\Users\Petr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.17.3042.73586 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.17.3042.73586 - Alcor Micro Corp.) Hidden
AuthenTec Fingerprint Driver (Version: 1.6.2.352 - AuthenTec) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.143 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.31 - Vimicro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 1.10 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.5.100 - Lenovo Corporation)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 1.3.0.7 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.60.00 - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.11.0 - Lenovo Group Limited)
SnapDo (HKLM-x32\...\{E41714BF-4B8E-42E9-B3B2-1EC19A8FEA70}) (Version: 1.0.0.0 - Resoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUSR_{6B99320D-817F-42CE-B45E-5C9AD42678E3}) (Version: - Microsoft)
Windows Driver Package - Lenovo 1.67.03.13 (08/27/2013 1.67.03.13) (HKLM\...\06FCBD562EA7843DCF8171AC0E58EC3257006F0D) (Version: 08/27/2013 1.67.03.13 - Lenovo)
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-08-2015 22:03:12 Windows Update
12-08-2015 18:35:28 Windows Update
17-08-2015 18:52:30 Windows Update
28-08-2015 19:40:10 Windows Update
04-09-2015 17:22:50 Windows Update
10-09-2015 17:55:43 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000138C9-7E22-4CE6-80A6-55D666EAC894} - System32\Tasks\AVFramework-TaskStartUserServer32-1S => C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [2013-09-05] (Lenovo Corporation)
Task: {01AFF626-84A4-4854-A9C5-71267BA8C84E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {0EEE40D5-6FBC-4FB8-9E4D-756CA49E4EF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {11DF38BE-1217-4D1A-A078-0638634A7717} - System32\Tasks\{DD7A8BBA-52BC-4C50-9786-4DC6E514EA4F} => pcalua.exe -a C:\Users\Petr\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: {15E0E54A-C461-4AD7-9233-EB42DE701BC6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {16DD4D36-8A51-4ED9-8229-AB4D0E7CAC98} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {174C5A3D-2A2E-4ECE-8E70-7E89CF34C483} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {2900F244-8EAB-4DAE-ADAB-303E0778035E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {34018CDD-AD20-4A81-AC5E-2BBFC1EC9EB1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {643FAD9C-1298-40A2-8AAE-ECEEEA69FCC6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {79E426B5-8817-48A1-923A-9F20917A7FB3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {9CC3F0A3-097C-4135-B930-5DEC726BBAFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A3534826-24DA-4538-AACD-3686B1B650B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {B01B221D-D98C-4B53-8BEB-37B8FE03B440} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {BA7D2392-B553-42FD-90BD-47362B9F2FEC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {BE5D01EE-D805-4EBC-8F1C-09F8E567F2F2} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5_user -> No File <==== ATTENTION
Task: {C10FE623-3942-44A6-980B-B18649B48681} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C8EF3042-7BC5-449D-9ADD-92664666A2B7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3072794237-2395381329-2881868175-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {CBFA5AE8-9919-435D-993A-EC4068306525} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-03-27] ()
Task: {CCC51CA5-19F5-48C5-AEF0-C95B3F3BCA15} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-11-21] (Lenovo)
Task: {D74BD9B3-52DF-4776-ACB1-E95A637E50D3} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5 -> No File <==== ATTENTION
Task: {D7A2E941-FAD3-4729-B356-D1DE0C609F5B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {D95A35CF-0EFD-4A55-AEC9-EAB02DD6F14C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E03E8370-D90B-492F-A304-AC813BEAD695} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E225ECF4-A0A7-4C87-B789-94497E90CB02} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E4D983D0-AE1A-4746-B014-BB6AC9A51D63} - System32\Tasks\psv_hyqxx21x => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & del "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & SCHTASKS /Delete /TN "psv_hyqxx21x" /F
Task: {E93167FC-A5C0-4CBB-90F2-4EF416358259} - System32\Tasks\psv_1h0ojtt5 => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & del "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & SCHTASKS /Delete /TN "psv_1h0ojtt5" /F
Task: {E9995DC9-2403-4F44-85DC-C998B5E7574B} - System32\Tasks\psv_vgx43evl => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & del "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & SCHTASKS /Delete /TN "psv_vgx43evl" /F
Task: {EB39FE7E-1214-4098-8F07-6265ADE72958} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {F6C581F0-97D9-4653-A767-621382644245} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {FA60DEB1-FC8E-4244-B6EF-DED7CE301553} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Task: {FFD982D4-382D-4307-B584-35B21F72B11B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 05:13 - 2013-09-05 05:13 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2013-06-22 00:42 - 2013-06-22 00:42 - 00465912 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2013-06-22 00:42 - 2013-06-22 00:42 - 00014328 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2015-09-10 21:47 - 2015-09-10 21:47 - 00799232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-01-20 18:56 - 2015-01-20 18:56 - 01282048 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\4764145200fcd33a90ced1505892fce6\Windows.Devices.ni.dll
2015-09-10 21:47 - 2015-09-10 21:47 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-09-04 16:09 - 2015-08-28 02:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 16:09 - 2015-08-28 02:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2014-05-15 23:35 - 2013-09-16 06:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Petr\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Lenovo\thinkdesktop.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "LenovoOptMouseUpdate"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "LENOVO.TPKNRRES"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "PWMTRV"
HKLM\...\StartupApproved\Run32: => "Fastboot"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\...\StartupApproved\Run: => "Pokki"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2DFFC117-1FE9-4625-B35B-C1B8D64EB347}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{1884D0CF-AEA7-48B5-AFD3-D95E8D868161}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{83C7EC8D-FBD5-4174-823A-9235CFC20EFA}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{242BE525-0FDA-4D4F-9C58-0D4715DFFDE3}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{36456033-5283-42B4-A630-F22BD4E665A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAE1593E-61EB-4C06-B6D8-D01376CA760E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3721407C-21A5-4184-8615-60266BE55142}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1290800E-9527-49B3-A4B9-234A13972AE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC224488-920D-40D5-A5E0-BAAA764F1E7F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{6962BB00-FCDF-405A-ADEB-05AD4ED889D5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{3E20C757-27D1-423B-9B6E-4C05B4BF0A57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Lenovo Primary iM Controller
Description: Lenovo Primary iM Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Lenovo Settings Power
Description: Lenovo Settings Power
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Lenovo Settings Camera Audio
Description: Lenovo Settings Camera Audio
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo Corporation
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 07:36:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/15/2015 07:36:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/15/2015 04:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 6.3.9600.17667, časové razítko: 0x54c6f7c2
Název chybujícího modulu: USER32.dll, verze: 6.3.9600.17936, časové razítko: 0x55a68e0c
Kód výjimky: 0xc0000142
Posun chyby: 0x00000000000ec4e0
ID chybujícího procesu: 0xde0
Čas spuštění chybující aplikace: 0xexplorer.exe0
Cesta k chybující aplikaci: explorer.exe1
Cesta k chybujícímu modulu: explorer.exe2
ID zprávy: explorer.exe3
Úplný název chybujícího balíčku: explorer.exe4
ID aplikace související s chybujícím balíčkem: explorer.exe5

Error: (09/15/2015 04:35:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (09/15/2015 04:31:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/15/2015 04:31:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/15/2015 07:02:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/15/2015 07:02:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/14/2015 06:45:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/14/2015 06:45:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Petr)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (09/15/2015 07:29:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\windows\System32\bcmihvsrv64.dll
Kód chyby: 126

Error: (09/15/2015 07:28:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo PM Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:27:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disk Low-res byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Location Task Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) ME Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba WdsManPro Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo Hotkey Client Loader byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo QuickControl Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/15/2015 07:26:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2015-08-02 12:45:37.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:37.210
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:36.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:35.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:34.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:33.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:30.675
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:28.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:25.833
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-02 12:45:24.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2030M @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 3982.22 MB
Available physical RAM: 2357.43 MB
Total Virtual: 4686.22 MB
Available Virtual: 2987.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:452.13 GB) (Free:357.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AC1F4A03)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 19:02
od patakuta
Omlouvám se, nedočetl jsem návod až do konce, tak ještě posílám zabalený Addition.rar

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 19:11
od altrok
:arrow: Na co Vam je tohle? C:\Users\Petr\Downloads\KMSpico V10.1.6 Portable By nova-s.zip

:arrow: Toto rozsireni jste si do Chromu dnes nainstaloval? Komponenta pro aplikaci SERVIS 24


  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
File: C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
Folder: C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
Folder: C:\ProgramData\Gravelex
Folder: C:\ProgramData\Gravelexs
Folder: C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
Folder: C:\Users\Petr\AppData\Roaming\Seznam.cz
Folder: C:\Program Files (x86)\Seznam.cz
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Toolkit Final.lnk [2015-01-13]
ShortcutTarget: Microsoft Toolkit Final.lnk -> C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... uB2Sg-Lf8l
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3072794237-2395381329-2881868175-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-09-15 19:54 - 2015-09-15 19:54 - 00022030 _____ C:\Users\Petr\Desktop\FRST.txt
2015-09-15 19:45 - 2015-09-15 19:45 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Downloads\Nepotvrzeno 254265.crdownload
2015-09-15 19:40 - 2015-09-15 19:40 - 02191360 _____ (Farbar) C:\Users\Petr\Downloads\FRST64.exe
2015-09-15 19:26 - 2015-09-15 19:26 - 00000000 ____D C:\AdwCleaner
2015-09-15 19:25 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Desktop\adwcleaner_5.007.exe
2015-09-15 19:23 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Downloads\adwcleaner_5.007.exe
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\rsit
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\Program Files\trend micro
2015-09-15 18:28 - 2015-09-15 18:28 - 01222144 _____ C:\Users\Petr\Downloads\RSITx64.exe
2015-09-15 18:16 - 2015-09-15 18:16 - 01307339 _____ C:\Users\Petr\Downloads\KMSpico V10.1.6 Portable By nova-s.zip
2015-09-14 18:14 - 2015-09-14 18:14 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-14 18:07 - 2015-09-14 18:07 - 00000000 ____D C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
2015-09-14 18:04 - 2015-09-14 18:19 - 00000000 ____D C:\ProgramData\Gravelex
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_vgx43evl
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_hyqxx21x
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_1h0ojtt5
2015-09-14 18:04 - 2015-09-14 18:04 - 00000000 ____D C:\ProgramData\Gravelexs
2015-09-14 18:00 - 2015-09-14 18:00 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Petr\AppData\Roaming\USy2CCOlv8Q9kg8r1H
2014-05-15 23:08 - 2014-05-15 23:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-14 18:14 - 2015-09-14 18:14 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {11DF38BE-1217-4D1A-A078-0638634A7717} - System32\Tasks\{DD7A8BBA-52BC-4C50-9786-4DC6E514EA4F} => pcalua.exe -a C:\Users\Petr\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: {BE5D01EE-D805-4EBC-8F1C-09F8E567F2F2} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5_user -> No File <==== ATTENTION
Task: {D74BD9B3-52DF-4776-ACB1-E95A637E50D3} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5 -> No File <==== ATTENTION
Task: {E4D983D0-AE1A-4746-B014-BB6AC9A51D63} - System32\Tasks\psv_hyqxx21x => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & del "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & SCHTASKS /Delete /TN "psv_hyqxx21x" /F
Task: {E93167FC-A5C0-4CBB-90F2-4EF416358259} - System32\Tasks\psv_1h0ojtt5 => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & del "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & SCHTASKS /Delete /TN "psv_1h0ojtt5" /F
Task: {E9995DC9-2403-4F44-85DC-C998B5E7574B} - System32\Tasks\psv_vgx43evl => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & del "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & SCHTASKS /Delete /TN "psv_vgx43evl" /F
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 19:26
od patakuta
K těm dotazům:
to KMSpico - jsem něco zkoušel, připouštím, že při tom jsem si ten notebook zasvinil, jsem osel, moje chyba :(
na a ten servis24 je potřeba k homebanking české spořitelny...

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Petr (2015-09-15 20:18:02) Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
Folder: C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
Folder: C:\ProgramData\Gravelex
Folder: C:\ProgramData\Gravelexs
Folder: C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
Folder: C:\Users\Petr\AppData\Roaming\Seznam.cz
Folder: C:\Program Files (x86)\Seznam.cz
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Toolkit Final.lnk [2015-01-13]
ShortcutTarget: Microsoft Toolkit Final.lnk -> C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... uB2Sg-Lf8l
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... hF9caac&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3072794237-2395381329-2881868175-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-09-15 19:54 - 2015-09-15 19:54 - 00022030 _____ C:\Users\Petr\Desktop\FRST.txt
2015-09-15 19:45 - 2015-09-15 19:45 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Downloads\Nepotvrzeno 254265.crdownload
2015-09-15 19:40 - 2015-09-15 19:40 - 02191360 _____ (Farbar) C:\Users\Petr\Downloads\FRST64.exe
2015-09-15 19:26 - 2015-09-15 19:26 - 00000000 ____D C:\AdwCleaner
2015-09-15 19:25 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Desktop\adwcleaner_5.007.exe
2015-09-15 19:23 - 2015-09-15 19:23 - 01660416 _____ C:\Users\Petr\Downloads\adwcleaner_5.007.exe
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\rsit
2015-09-15 18:29 - 2015-09-15 18:29 - 00000000 ____D C:\Program Files\trend micro
2015-09-15 18:28 - 2015-09-15 18:28 - 01222144 _____ C:\Users\Petr\Downloads\RSITx64.exe
2015-09-15 18:16 - 2015-09-15 18:16 - 01307339 _____ C:\Users\Petr\Downloads\KMSpico V10.1.6 Portable By nova-s.zip
2015-09-14 18:14 - 2015-09-14 18:14 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-14 18:07 - 2015-09-14 18:07 - 00000000 ____D C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23
2015-09-14 18:04 - 2015-09-14 18:19 - 00000000 ____D C:\ProgramData\Gravelex
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_vgx43evl
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_hyqxx21x
2015-09-14 18:04 - 2015-09-14 18:04 - 00003286 _____ C:\windows\System32\Tasks\psv_1h0ojtt5
2015-09-14 18:04 - 2015-09-14 18:04 - 00000000 ____D C:\ProgramData\Gravelexs
2015-09-14 18:00 - 2015-09-14 18:00 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-09-14 18:11 - 2015-01-13 14:55 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Petr\AppData\Roaming\USy2CCOlv8Q9kg8r1H
2014-05-15 23:08 - 2014-05-15 23:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-14 18:14 - 2015-09-14 18:14 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {11DF38BE-1217-4D1A-A078-0638634A7717} - System32\Tasks\{DD7A8BBA-52BC-4C50-9786-4DC6E514EA4F} => pcalua.exe -a C:\Users\Petr\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: {BE5D01EE-D805-4EBC-8F1C-09F8E567F2F2} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5_user -> No File <==== ATTENTION
Task: {D74BD9B3-52DF-4776-ACB1-E95A637E50D3} - \54e4bb8e-ee78-4533-96db-fc372d538e3e-5 -> No File <==== ATTENTION
Task: {E4D983D0-AE1A-4746-B014-BB6AC9A51D63} - System32\Tasks\psv_hyqxx21x => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & del "C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg" & SCHTASKS /Delete /TN "psv_hyqxx21x" /F
Task: {E93167FC-A5C0-4CBB-90F2-4EF416358259} - System32\Tasks\psv_1h0ojtt5 => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & del "C:\ProgramData\Gravelex\cdp4srip.uzd.reg" & SCHTASKS /Delete /TN "psv_1h0ojtt5" /F
Task: {E9995DC9-2403-4F44-85DC-C998B5E7574B} - System32\Tasks\psv_vgx43evl => cmd.exe /c regedit.exe /s "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & del "C:\ProgramData\Gravelex\hs1itvgl.glx.reg" & SCHTASKS /Delete /TN "psv_vgx43evl" /F
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ========================

File not signed
MD5: 6BA5072BBAD73158F2907FA73D82C48D
Creation and modification date: 2015-09-14 18:00 - 2015-09-15 16:25
Size: 0000004
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= Folder: C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071 ========================

2015-09-14 18:00 - 2015-09-14 18:00 - 0209488 _____ () C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071\913096c1-b551-4f3e-98c3-acf2696f24e7.dll
2015-09-14 18:00 - 2015-09-14 18:00 - 0187472 _____ () C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071\af4a8f5a-6445-4d07-9565-2af003f637cb.dll

====== End of Folder: ======


========================= Folder: C:\ProgramData\Gravelex ========================

2015-09-14 18:04 - 2015-09-14 18:04 - 0000385 _____ () C:\ProgramData\Gravelex\0sxfmgoj.5ba.reg
2015-09-14 18:04 - 2015-09-14 18:04 - 0000385 _____ () C:\ProgramData\Gravelex\cdp4srip.uzd.reg
2015-09-14 18:04 - 2015-09-14 18:04 - 0000471 _____ () C:\ProgramData\Gravelex\conf.config
2015-09-10 15:44 - 2015-09-14 18:04 - 0065616 _____ () C:\ProgramData\Gravelex\Config.xml
2015-09-10 15:44 - 2015-09-10 15:44 - 6156288 _____ () C:\ProgramData\Gravelex\Gravelex.dll
2015-08-09 11:26 - 2015-08-09 11:26 - 0000267 _____ () C:\ProgramData\Gravelex\Gravelex.exe.config
2015-09-14 18:04 - 2015-09-14 18:04 - 0000342 _____ () C:\ProgramData\Gravelex\GrooveDanlax.exe.config
2015-09-14 18:04 - 2015-09-14 18:04 - 0000385 _____ () C:\ProgramData\Gravelex\hs1itvgl.glx.reg
2015-09-14 18:04 - 2015-09-14 18:04 - 1182720 _____ () C:\ProgramData\Gravelex\Lam-Touch.bin
2015-09-14 18:04 - 2015-09-14 18:04 - 0530944 _____ () C:\ProgramData\Gravelex\Lexi-Bam.bin
2015-09-14 18:04 - 2015-09-14 18:04 - 0530944 _____ () C:\ProgramData\Gravelex\Lexi-Bam.bin.bck
2015-09-14 18:05 - 2015-09-14 18:05 - 0005904 _____ () C:\ProgramData\Gravelex\PrxCfg.xml
2015-09-14 18:04 - 2015-09-14 18:04 - 0000892 _____ () C:\ProgramData\Gravelex\Softsing.exe.config
2015-09-14 18:04 - 2015-09-14 18:04 - 1397760 _____ () C:\ProgramData\Gravelex\Strongron.bin
2015-09-14 18:04 - 2015-09-14 18:04 - 0258048 _____ () C:\ProgramData\Gravelex\Subsing.exe
2015-09-14 18:04 - 2015-09-14 18:04 - 0000342 _____ () C:\ProgramData\Gravelex\Subsing.exe.config
2015-09-14 18:04 - 2015-09-14 18:04 - 1308160 _____ () C:\ProgramData\Gravelex\Treslux.bin
2015-09-14 18:04 - 2015-09-14 18:04 - 0089224 _____ (Redquote) C:\ProgramData\Gravelex\uninstall.exe
2015-09-14 18:04 - 2015-09-14 18:04 - 0227840 _____ () C:\ProgramData\Gravelex\Zoosoft.exe
2015-09-14 18:04 - 2015-09-14 18:04 - 0000342 _____ () C:\ProgramData\Gravelex\Zoosoft.exe.config
2015-09-14 18:04 - 2015-09-14 18:04 - 0000000 ____D () C:\ProgramData\Gravelex\ondemand
2015-09-14 18:04 - 2015-09-14 18:04 - 0000000 ____D () C:\ProgramData\Gravelex\temp

====== End of Folder: ======


========================= Folder: C:\ProgramData\Gravelexs ========================

2015-09-14 18:04 - 2015-09-14 18:04 - 0000213 _____ () C:\ProgramData\Gravelexs\ff.HP
2015-09-14 18:04 - 2015-09-14 18:04 - 0000229 _____ () C:\ProgramData\Gravelexs\ff.NT
2015-09-14 18:04 - 2015-09-14 18:04 - 0000211 _____ () C:\ProgramData\Gravelexs\snp.sc

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23 ========================

2015-09-14 18:07 - 2015-09-14 18:07 - 0167936 _____ () C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23\23a7c564-31eb-4ba7-8aab-bbc8770a5169.dll
2015-09-14 18:07 - 2015-09-14 18:07 - 0202752 _____ () C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23\89804f33-11c3-4023-a035-996676ecc7d7.dll

====== End of Folder: ======


========================= Folder: C:\Users\Petr\AppData\Roaming\Seznam.cz ========================

2015-09-14 18:01 - 2013-05-16 15:26 - 2589256 _____ () C:\Users\Petr\AppData\Roaming\Seznam.cz\~~erase-2126953-5972-51766.$$$
2015-09-14 18:01 - 2013-05-16 15:25 - 1062472 _____ () C:\Users\Petr\AppData\Roaming\Seznam.cz\~~erase-2126953-5972-69288.$$$
2015-09-14 18:10 - 2015-09-14 18:11 - 0042815 _____ () C:\Users\Petr\AppData\Roaming\Seznam.cz\install.log
2015-09-14 18:01 - 2015-09-14 18:11 - 0000000 ____D () C:\Users\Petr\AppData\Roaming\Seznam.cz\~~erase-2126968-5972-77742.$$$
2015-09-14 18:01 - 2015-05-26 13:37 - 0078504 _____ () C:\Users\Petr\AppData\Roaming\Seznam.cz\~~erase-2126968-5972-77742.$$$\~~erase-2126953-5972-47813.$$$
2015-09-14 18:01 - 2015-05-26 13:35 - 0079872 _____ () C:\Users\Petr\AppData\Roaming\Seznam.cz\~~erase-2126968-5972-77742.$$$\~~erase-2126953-5972-48030.$$$

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\Seznam.cz ========================


====== End of Folder: ======

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Toolkit Final.lnk => moved successfully
C:\ProgramData\{02ec46f7-e356-0791-02ec-c46f7e351bdf}\Microsoft Toolkit Final.exe => not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\Petr\Desktop\FRST.txt => moved successfully
C:\Users\Petr\Downloads\Nepotvrzeno 254265.crdownload => moved successfully
C:\Users\Petr\Downloads\FRST64.exe => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Petr\Desktop\adwcleaner_5.007.exe => moved successfully
C:\Users\Petr\Downloads\adwcleaner_5.007.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Petr\Downloads\RSITx64.exe => moved successfully
C:\Users\Petr\Downloads\KMSpico V10.1.6 Portable By nova-s.zip => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Program Files (x86)\4b61e4d0-f85c-4644-8288-a837efc16b23 => moved successfully
C:\ProgramData\Gravelex => moved successfully
C:\windows\System32\Tasks\psv_vgx43evl => moved successfully
C:\windows\System32\Tasks\psv_hyqxx21x => moved successfully
C:\windows\System32\Tasks\psv_1h0ojtt5 => moved successfully
C:\ProgramData\Gravelexs => moved successfully
C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071 => moved successfully
C:\Users\Petr\AppData\Roaming\Seznam.cz => moved successfully
C:\Program Files (x86)\Seznam.cz => moved successfully
C:\Users\Petr\AppData\Roaming\USy2CCOlv8Q9kg8r1H => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11DF38BE-1217-4D1A-A078-0638634A7717}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11DF38BE-1217-4D1A-A078-0638634A7717}" => key removed successfully
C:\windows\System32\Tasks\{DD7A8BBA-52BC-4C50-9786-4DC6E514EA4F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DD7A8BBA-52BC-4C50-9786-4DC6E514EA4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE5D01EE-D805-4EBC-8F1C-09F8E567F2F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE5D01EE-D805-4EBC-8F1C-09F8E567F2F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\54e4bb8e-ee78-4533-96db-fc372d538e3e-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D74BD9B3-52DF-4776-ACB1-E95A637E50D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D74BD9B3-52DF-4776-ACB1-E95A637E50D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\54e4bb8e-ee78-4533-96db-fc372d538e3e-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4D983D0-AE1A-4746-B014-BB6AC9A51D63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D983D0-AE1A-4746-B014-BB6AC9A51D63}" => key removed successfully
C:\windows\System32\Tasks\psv_hyqxx21x => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_hyqxx21x" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E93167FC-A5C0-4CBB-90F2-4EF416358259}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E93167FC-A5C0-4CBB-90F2-4EF416358259}" => key removed successfully
C:\windows\System32\Tasks\psv_1h0ojtt5 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_1h0ojtt5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9995DC9-2403-4F44-85DC-C998B5E7574B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9995DC9-2403-4F44-85DC-C998B5E7574B}" => key removed successfully
C:\windows\System32\Tasks\psv_vgx43evl => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_vgx43evl" => key removed successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 211.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:18:37 ====

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 19:33
od altrok
patakuta píše:to KMSpico - jsem něco zkoušel
Takove veci zkouset na pocitaci, kde provozujete internetove bankovnictvi... mate muj respekt.



Nastehoval jste si tam haveti az na pudu, takze jeste casove narocnejsi sken.

:arrow: Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Upozorneni: tento sken zabere od 30 minut po nekolik hodin

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 19:55
od patakuta
U toho slova respekt chápu ironii ( spoustu ), hájit se tím, že mi to někdo poradil je pitomost, je to přece můj PC, ale chybu někdy udělá každý... :(

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15. 9. 2015
Čas skenování: 20:42
Protokol: brk.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.15.06
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Petr

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 351403
Uplynulý čas: 9 min, 0 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Vypnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 141
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E41714BF-4B8E-42E9-B3B2-1EC19A8FEA70}, , [1220d060810a74c258e4851aff05db25],
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, , [0230939dc2c9d85ef2a6433dfc08bc44],
PUP.Optional.SavePass, HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1-nv, , [86ac53dd2467979f478d60509272ab55],
PUP.Optional.SavePass, HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1-nv-ie, , [d35f0e22b6d5b4824e863080cb3935cb],
PUP.Optional.WdsManPro, HKLM\SOFTWARE\WOW6432NODE\WdsManPro, , [76bc5bd56724f34391da6862e91b26da],
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, , [f24032fe91fa53e34751d4acbb4941bf],
PUP.Optional.Cinema, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\CinemaP-1.9cV14.09-nv, , [11212b050c7f46f09e4b93f3a1633ec2],
PUP.Optional.Cinema, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\CinemaP-1.9cV14.09-nv-ie, , [5bd758d8018a999d25c4d8ae11f313ed],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11037C80-97F6-42E9-9BF1-514E799A7BB4}, , [91a1f7396427de58a69066286d9756aa],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14FE1F62-BF74-4A94-8A8C-32303E5E10EB}, , [6cc6d060c6c588ae11257a1412f250b0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15B04779-FF55-4DDE-A1C6-619ACE25CAFF}, , [2f0381afc5c6d5610036414d897bf50b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15CFAEDD-7651-464E-843F-6C222550D469}, , [3df5ac842566ab8b49edfb93aa5a20e0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15EFECA1-7474-4643-88A9-7E8C886345E9}, , [949ec66a0982290dad88fd9150b449b7],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18558475-37DC-44DD-9BDE-FDB4FBC93210}, , [8da5e64a404bbd7974c1820cc341758b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18F0DAAD-4EAE-4132-9BEC-5661BEA8209F}, , [5dd58aa6246735013cf991fd27ddc13f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BB7D810-52FF-4129-A955-23DFD524CAC0}, , [c36f57d93b50ac8a69ccb5d9ec18a45c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{22410BE7-5C10-4A69-BE23-BD5A37F1FC58}, , [0b271c14127952e4f045dbb3ff0505fb],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AEE021C-A0F1-4639-8264-9820B633AB58}, , [ba78d25ed8b3e056d561d9b59b69a759],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AF933A2-29F0-4869-A11F-E2175D2A6F93}, , [de54929ebfccfa3ca590771757ada060],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DE15259-8202-49A5-ACF9-5E4C8C7AAE3F}, , [78bab47ccfbcfb3bf541206e7490f709],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E183BC5-40A5-41CA-8B17-C1618F511E8F}, , [9c9645ebdab164d2db5b8a04f4107090],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F8AC400-2E07-40D6-AC71-966028AC782D}, , [062c032d6526be781f17ade17292af51],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3010E91D-6831-4E07-81EF-29E5206AC2F5}, , [9999220e3d4e9f97f73e731bee16f10f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3062582C-2F20-4903-94EF-F82EC8251A11}, , [87abf33d32592c0ada5b246a55afaa56],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33C5A64F-2D0E-4F47-A4F9-DFDE625F82D9}, , [32008ca4a2e93501f6401b73d4300df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3597592E-2A1D-402B-9F7F-3D3E57AFCAC4}, , [81b1929eb8d37fb7ef47b9d59470758b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{35F38732-742C-4037-9FE2-798A71BFBB81}, , [2b070e227e0d2d098ea7d0be10f4e31d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{369878E7-A26F-447D-88A8-DC898538A0EC}, , [072bfe328dfe64d20530abe3c34117e9],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{377CC6AA-7400-4E74-8847-2E7F4A725365}, , [ce6453dd6229290da78e117dd62e867a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38940BA5-787F-4C7B-9AF4-D658116CD336}, , [0c26e24ed0bbac8aff36bed013f112ee],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AC31E56-BFE3-4987-90A2-EE29C47CD830}, , [3ef4b17fa4e768ce81b44945b45022de],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C7D4905-A7D9-4A21-A44F-8F8143C85EDB}, , [ef436dc35635db5b181e632bb84c51af],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{40F2FEB7-99AD-4233-8143-31BF1ECE5F7F}, , [47eb5cd47c0f64d26cc96826e1234bb5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4140E773-2364-4566-A733-54A4CC9AC3D4}, , [b280161aef9c013547ee127ccf356a96],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4252A2CE-8D7C-444B-96EE-FF149C9C684E}, , [5fd3a58b3f4c6bcbe94df49a9c685aa6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{429A4A02-8473-427D-BE70-E8F6AFFAB3C1}, , [2b0787a97e0d41f51e1819756a9ad62a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45602966-1E9E-4FA5-9715-8E84CD6A687F}, , [f63cf13fff8c59dd61d50e804db75ba5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{459D1C51-4E1F-4917-936C-4A7C8985E9C3}, , [ce647eb290fb82b4cd681f6fea1af40c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45F8CEE6-1606-43B8-B671-EA902E466CDF}, , [250d31ff6526aa8c43f21c72f90bff01],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CEB05E0-DC9C-4E84-8F74-7A27702DD395}, , [ee442808503b3303d85ecfbf5ca8d729],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4D35CD18-373E-4541-99B1-6CBD275FEA99}, , [d35fe64a3d4e8caa61d5226c20e40af6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E110972-B8F3-4BF9-84D5-AFC8E8E6A0E2}, , [959d1a166427a5916cca117de420a35d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EBB6072-E53E-4B13-9BBE-30E84C9DCBCD}, , [3cf65cd4266573c30233444aa65ec937],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EDF9CEB-688A-4280-81E9-1F9EFD69286E}, , [c969cd63474465d1b87d503ed13325db],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{522316E3-CD0F-41EB-9BB5-57DB20842A48}, , [c46e84ac9bf085b1ff37e7a77292da26],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56AEB646-255A-40FD-A13B-8BBB822EA9EC}, , [36fcea461972d66038fd870730d44eb2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{574E5FF9-D6EA-4F2A-8F59-A8BB576980F2}, , [7fb3949cc6c50630d65f3b53e91b24dc],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{598B0B9B-70E8-4005-A2B6-814A39AD5FB0}, , [bc7686aa197277bf8caac2ccaf55dd23],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59C066BD-552E-4B5C-999C-60FEDA9B989A}, , [57dbf739d4b776c0b086d7b77c88b947],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5AADD30E-7E0A-4942-B216-E36B60C47056}, , [280ac46ccfbc41f545f0127c956f758b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C086934-F9D0-4455-9C9A-CBE5BF91DE34}, , [181ad759aae185b140f5c9c559abda26],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F8B4A95-22DF-4BB2-B3D2-6994C34C7F53}, , [131f1d13c8c39a9c2115bfcf23e104fc],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5FF2C974-2AFD-4157-A6F5-DF9E31B56682}, , [c46e8ea20b80b482ed49b6d820e40bf5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6107E218-FC06-4506-A8BB-BD203FAD31D4}, , [171bae82206b83b3cb6bf5996a9a0ff1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{61526BAB-4970-49C6-B81F-E32B199ECFA8}, , [38fa1a167e0d96a038fe018dab59b14f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{627E6427-1C97-4168-8C9D-51B496DB25B8}, , [f43edc54d1ba0a2c68cef39bfb098e72],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63433EB3-69F4-472C-8CAB-BB856FC5BB6B}, , [cc6643edb2d922141322cdc1887cf40c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6662A4ED-E3DD-4463-A3FF-8DCFC45CD7A8}, , [141ede521c6f75c1ed491d71c0448878],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{668D14A1-8A41-49A1-A95F-E2406257B1A8}, , [b37f949c2269310592a494faa163b947],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{694FD5D0-6E4A-4D30-B04C-30EBFCDF43FF}, , [85ad87a9a7e46ec859dcfe90ae568080],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A1CD8F0-2D87-4325-B93D-1FADB1DF1171}, , [75bdce629fecde58c075d9b509fbee12],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D62113F-6E2D-46DB-9769-A0D514133BBD}, , [73bf939dbecdfc3a1322741a966ecd33],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DA6DA31-93EE-48E7-909B-56205BD6D547}, , [22102f012269142257dfcac4709417e9],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6FF85064-BC73-4A40-927B-0033C4E8B13A}, , [0c26b37dd4b74aec60d592fc1ce802fe],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7234F241-9D3E-4D0B-9254-C8AF4B2C44FE}, , [f63c6dc38ffc2115f63fb1dd7490a45c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{728911FB-5DEE-4351-923B-DDC96F8F5FEA}, , [e74b6ec2a1ea3006072ef89612f2c63a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72C9FB21-F33B-4197-82DE-A376D1BF6794}, , [2b07181849425adc56e0513d7d870df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{759D34E4-9778-436D-B9AB-EFCD985D4DCB}, , [70c258d8f09b80b69f974f3f6d97649c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{76031D4E-AD4C-4B82-9049-60FFCCFDC937}, , [b77b88a82d5e88aef2444a44e222728e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7B4DF98E-068F-4E9B-9ED3-E2649D611230}, , [dd5586aa06851c1aa193d5b917ed4fb1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BDE5666-FA38-4210-991E-267EE68F9A93}, , [e64c54dc494247ef6accfb9336ce7789],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D54D71B-B22C-488D-8034-9431C3EBBF22}, , [47ebdb55dcafae88181d7915a064ec14],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{80664CDD-E7F0-4FAE-B086-BFA2DB515B5C}, , [aa88032dfd8e2b0bf441880648bc0bf5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84633D94-CFE7-4F21-BE4A-298D1EDA1549}, , [e74b8ea2d0bbaf87c6709bf3927226da],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{849D1399-243C-4657-B4B3-E24EB75BF6DA}, , [1d156ac6a3e8ba7c56e0dfafb054f808],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{85662BDC-BB7D-4DD2-B6C8-A39EC46114C4}, , [39f9e94716752412f93ceaa46a9a59a7],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91329F73-1A7B-4B5F-9397-2C129EF71A2F}, , [c36f8aa67b109e9887ae8b0363a1ee12],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A63791-979B-4AFD-942E-2E59C0EFB6FA}, , [122080b0bccf5bdbb87dd4bab54f31cf],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{999EF21A-B356-4E88-B7BA-E482A4B26949}, , [1f137cb4eaa190a647ef99f5cf355da3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9A23B453-60B7-4AD6-9CCD-52A6F3C59533}, , [37fb8aa692f932040135bfcf62a2db25],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C58F4B9-EA57-4B8B-9558-F87E4D8DDBDE}, , [fc3647e9acdf3bfbe3538fffc63eb24e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C97859F-CD7D-4E8D-96A0-B14772A4C279}, , [5fd3c769513aaa8c7abc335bb25201ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F5AB690-FA1A-42E7-9CD5-F23AEED8CC90}, , [151dd15ff19a2f07979f602ef90b9c64],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A126CE13-B6B0-401A-96CE-25A93C30AC87}, , [141e80b0d2b90d29ed48eca2e71d33cd],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18A28B8-7131-4FE0-9699-EDE216D3A645}, , [61d185aba2e9fe3878bdd1bd956fef11],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19B3B2A-C0A8-4F5A-9BE3-69C3883564CF}, , [969c88a8acdfb086cb6a6e2030d49c64],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A29803F1-50DC-4108-BC8E-15BFAB20B291}, , [082a260ae6a50a2c68ce573740c4d12f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4CFCA84-E6E1-46B6-8138-BFDE37264AE2}, , [83afe9474249d75fea4c94fad72d7987],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A75E0707-A4AD-4081-8BD9-B3776240C24F}, , [91a141ef3f4c4bebb97d93fb10f4a15f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AABC2690-AAAE-4498-A841-D5366A86C215}, , [41f13ff1008ba09639fc404e61a3df21],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAC5941D-D9C0-40BA-82DD-2065C16D8EAB}, , [ce64a48cb3d83afc171f632bb4509e62],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC0D5533-9D39-4961-93D1-F84213362062}, , [68ca8ca4474486b08caa3658cd379e62],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE7CAA66-CE90-4EB2-91AB-D1E9A64B416E}, , [59d937f94a415cda78bdfe9063a14cb4],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B10762A3-A176-4945-B02E-35F1F4D6D4DC}, , [ac86929efe8dc96d142136584abad729],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B37BBF03-C26C-4084-8A7E-12E82BB3804D}, , [b37f151bb7d4d5613302b1dd798b768a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B385BA94-11E6-432F-AF2C-CB24977E57C3}, , [80b22808eaa1fb3b76c0b6d8f90b768a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B38C6A44-ECF2-45AC-AC23-E6CB2C3B789B}, , [f1412f01dbb06dc974c2dcb234d0c33d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B4DFF8D3-ED49-4D77-A5D0-4182EC7E69A3}, , [f43ea68a1f6c1d19a4925b333ec6f808],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B8F1E1F1-FA17-4C2D-9F3D-65B3D626EDC7}, , [55ddd0606d1e1224f73f721c15ef748c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9E486EE-8AEE-4BF7-BCCB-533496E5F727}, , [0032280883083bfb2d09197559ab24dc],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC78E879-D8B6-4FFE-8E9E-5C975D49715B}, , [0929f7390586c57155e1f698b4507888],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD33F518-C06B-4D30-AE28-5E289B73C817}, , [062c51df5f2cb77f82b3593533d106fa],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDE8288F-3B9E-4C60-A51F-5AA1AC3FA7AA}, , [11213df3107b82b4db5a3f4f58ac966a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE13F759-F144-46EF-9161-5728BF9491EF}, , [a0926dc3800bc67061d558369d6714ec],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFD20F32-AD77-43AF-A732-C0C0D3F770DE}, , [70c29a96cdbea98df73f444af90b2ed2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0554531-4FA5-4FEE-899B-7C9420BA15C4}, , [71c140f03a5132046dc9781623e1be42],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C20CDDBC-8147-4907-9012-AF785342312C}, , [80b25ed2018a221438fdf39b25dffa06],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9297E22-74FF-4431-AAD0-C5A4A2CF7E90}, , [f53db27e84071b1bc67099f5c83cc937],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE45B97F-D8E9-435B-9ABF-88C6DC7346CA}, , [8aa8d759a2e90a2c9a9c4f3f798b3ac6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF8B597D-802E-4C27-BAC7-58D93C5A31F0}, , [55dd81af3f4cd264979faae436ce41bf],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3DC3A61-B31E-48C5-AE11-30BEF9D4F717}, , [58daa888ff8ce25459dd6727ea1a4ab6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D556DC1C-F481-4CC9-8995-6B997C5D984B}, , [83aff9370e7d6fc7d660bcd27c88ca36],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D6FA1C08-B1E3-4149-9CA2-45D15A349930}, , [ca68e54b4b4054e263d31c72a75d38c8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D8CBA5AA-4520-4658-A8D8-A6DC54C8A8C2}, , [171b6fc1a4e784b2ac89810d9074f30d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB85C4F6-CBAE-456C-B4CF-A490F1A73C97}, , [49e958d867242d090a2c96f871930bf5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DC947AC4-3FC8-417E-9DF8-1FAF796DDB3E}, , [e74bb37d6c1fd561a096eca238cc23dd],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDBAFDF7-B700-436A-9DEC-59E5D110B12B}, , [0929f8380586f73ff73f92fcc34132ce],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDE41BD9-FCDB-43FF-8CD9-E96BEBB3C866}, , [c2701917a4e771c5a4916e2018ec2ed2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DE930F91-8E17-411B-9516-CBBE1B1B880D}, , [8aa8d65a1f6c48ee3303bcd2f311db25],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DEB6684F-2A02-4F32-AF47-ED7AFE8CEA86}, , [fa3888a85932979f74c21d7141c3e719],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFB6C794-57B3-43A5-B867-7B3AE3666914}, , [bf734be5ccbfe1554aec4846ba4a3dc3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E036CB5F-1D05-4C02-A85D-1C4CED4B6F93}, , [c36fb080c4c7a294e353ef9f030108f8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2F024BB-FAFF-47DB-AA6A-2320B93F6FCA}, , [f042260a0f7c2c0abf76a1ed54b0936d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4A3BD96-A909-4D76-A95F-EF474B8191CA}, , [ff3360d08407f04650e5d1bd35cf14ec],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E639D92F-B3F4-4934-9483-3542FA96FBBD}, , [91a164cc2467f93d60d6147a5fa5669a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E702B686-9315-43C2-B0CB-82D91EDEB17F}, , [032fe749a5e6d85e4fe60985cf3501ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBF19014-83CB-409D-A2EE-52CCB7756B4E}, , [c76b210f99f2d1653600642a43c17b85],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBFA2F38-888D-4B00-AA73-15CAA28E1D7F}, , [da58052bddae191db67fbfcfeb199a66],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECEC7BAD-54D8-4B93-B0D9-CFA48024207C}, , [8ba76bc5e0abe155aa8bfa94808456aa],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED83AF4A-280C-4ED3-B916-B6D289D91663}, , [69c9939dd1ba44f2a492890546be6898],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E4A63-43F7-484B-84AB-311FA4B7417A}, , [7db572be1d6e1c1a8ca9b1dd768e7987],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EF7FF9CB-78BA-405F-B975-BB984C164AC8}, , [1c1683adb7d4f93dbd78a1ed768e9d63],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F224E03B-6461-4BAD-93E3-1250581AFF4C}, , [c66cac848b0041f5270e038b64a019e7],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3200FB3-3790-4030-ADDA-A288E82A5D62}, , [f63c220ef9920d2960d55f2f976d5fa1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F701DAEE-387D-43D4-862D-F01E67FC1014}, , [1e142d03276479bdf441ff8f5aaa37c9],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F768B955-84FF-4FE9-88A1-449EFE176920}, , [8aa8cd6317741620b085642aac58748c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F887F68C-97D0-4896-92E6-31E7FCB3A726}, , [a78b919fcbc0bf776acce8a65ba9ed13],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9E73627-5DCF-413D-8389-F08B2C142E91}, , [73bff0408a01979f7eb7afdf55af9967],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FA3EA8F5-AC72-4368-8FCB-F84944AEE8EF}, , [201285ab404b32049b9a038b59ab6d93],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB16AC2F-8430-4B28-9EE6-FDEF4BDB7472}, , [90a20d23c3c896a00135048aaa5af010],
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF9163B6-C39A-4AD1-A0D4-406315F0B1F9}, , [42f0ec44a0ebe65043f259354fb58080],

Hodnoty registru: 135
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}, , [fb377db3127987af94b9fa7e05ff29d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11037C80-97F6-42E9-9BF1-514E799A7BB4}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [91a1f7396427de58a69066286d9756aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14FE1F62-BF74-4A94-8A8C-32303E5E10EB}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [6cc6d060c6c588ae11257a1412f250b0]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15B04779-FF55-4DDE-A1C6-619ACE25CAFF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [2f0381afc5c6d5610036414d897bf50b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15CFAEDD-7651-464E-843F-6C222550D469}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [3df5ac842566ab8b49edfb93aa5a20e0]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15EFECA1-7474-4643-88A9-7E8C886345E9}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [949ec66a0982290dad88fd9150b449b7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18558475-37DC-44DD-9BDE-FDB4FBC93210}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [8da5e64a404bbd7974c1820cc341758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18F0DAAD-4EAE-4132-9BEC-5661BEA8209F}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [5dd58aa6246735013cf991fd27ddc13f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BB7D810-52FF-4129-A955-23DFD524CAC0}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [c36f57d93b50ac8a69ccb5d9ec18a45c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{22410BE7-5C10-4A69-BE23-BD5A37F1FC58}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [0b271c14127952e4f045dbb3ff0505fb]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AEE021C-A0F1-4639-8264-9820B633AB58}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [ba78d25ed8b3e056d561d9b59b69a759]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AF933A2-29F0-4869-A11F-E2175D2A6F93}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [de54929ebfccfa3ca590771757ada060]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DE15259-8202-49A5-ACF9-5E4C8C7AAE3F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [78bab47ccfbcfb3bf541206e7490f709]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E183BC5-40A5-41CA-8B17-C1618F511E8F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [9c9645ebdab164d2db5b8a04f4107090]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F8AC400-2E07-40D6-AC71-966028AC782D}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [062c032d6526be781f17ade17292af51]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3010E91D-6831-4E07-81EF-29E5206AC2F5}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [9999220e3d4e9f97f73e731bee16f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3062582C-2F20-4903-94EF-F82EC8251A11}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [87abf33d32592c0ada5b246a55afaa56]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33C5A64F-2D0E-4F47-A4F9-DFDE625F82D9}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [32008ca4a2e93501f6401b73d4300df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3597592E-2A1D-402B-9F7F-3D3E57AFCAC4}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [81b1929eb8d37fb7ef47b9d59470758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{35F38732-742C-4037-9FE2-798A71BFBB81}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [2b070e227e0d2d098ea7d0be10f4e31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{369878E7-A26F-447D-88A8-DC898538A0EC}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [072bfe328dfe64d20530abe3c34117e9]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{377CC6AA-7400-4E74-8847-2E7F4A725365}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [ce6453dd6229290da78e117dd62e867a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38940BA5-787F-4C7B-9AF4-D658116CD336}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [0c26e24ed0bbac8aff36bed013f112ee]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AC31E56-BFE3-4987-90A2-EE29C47CD830}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-buttonutil.exe, , [3ef4b17fa4e768ce81b44945b45022de]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C7D4905-A7D9-4A21-A44F-8F8143C85EDB}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [ef436dc35635db5b181e632bb84c51af]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{40F2FEB7-99AD-4233-8143-31BF1ECE5F7F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [47eb5cd47c0f64d26cc96826e1234bb5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4140E773-2364-4566-A733-54A4CC9AC3D4}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [b280161aef9c013547ee127ccf356a96]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4252A2CE-8D7C-444B-96EE-FF149C9C684E}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [5fd3a58b3f4c6bcbe94df49a9c685aa6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{429A4A02-8473-427D-BE70-E8F6AFFAB3C1}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [2b0787a97e0d41f51e1819756a9ad62a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45602966-1E9E-4FA5-9715-8E84CD6A687F}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [f63cf13fff8c59dd61d50e804db75ba5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{459D1C51-4E1F-4917-936C-4A7C8985E9C3}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [ce647eb290fb82b4cd681f6fea1af40c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45F8CEE6-1606-43B8-B671-EA902E466CDF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [250d31ff6526aa8c43f21c72f90bff01]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CEB05E0-DC9C-4E84-8F74-7A27702DD395}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [ee442808503b3303d85ecfbf5ca8d729]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4D35CD18-373E-4541-99B1-6CBD275FEA99}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [d35fe64a3d4e8caa61d5226c20e40af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E110972-B8F3-4BF9-84D5-AFC8E8E6A0E2}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [959d1a166427a5916cca117de420a35d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EBB6072-E53E-4B13-9BBE-30E84C9DCBCD}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [3cf65cd4266573c30233444aa65ec937]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EDF9CEB-688A-4280-81E9-1F9EFD69286E}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [c969cd63474465d1b87d503ed13325db]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{522316E3-CD0F-41EB-9BB5-57DB20842A48}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [c46e84ac9bf085b1ff37e7a77292da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56AEB646-255A-40FD-A13B-8BBB822EA9EC}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [36fcea461972d66038fd870730d44eb2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{574E5FF9-D6EA-4F2A-8F59-A8BB576980F2}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [7fb3949cc6c50630d65f3b53e91b24dc]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{598B0B9B-70E8-4005-A2B6-814A39AD5FB0}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [bc7686aa197277bf8caac2ccaf55dd23]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59C066BD-552E-4B5C-999C-60FEDA9B989A}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [57dbf739d4b776c0b086d7b77c88b947]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5AADD30E-7E0A-4942-B216-E36B60C47056}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [280ac46ccfbc41f545f0127c956f758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C086934-F9D0-4455-9C9A-CBE5BF91DE34}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [181ad759aae185b140f5c9c559abda26]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F8B4A95-22DF-4BB2-B3D2-6994C34C7F53}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [131f1d13c8c39a9c2115bfcf23e104fc]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5FF2C974-2AFD-4157-A6F5-DF9E31B56682}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [c46e8ea20b80b482ed49b6d820e40bf5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6107E218-FC06-4506-A8BB-BD203FAD31D4}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [171bae82206b83b3cb6bf5996a9a0ff1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{61526BAB-4970-49C6-B81F-E32B199ECFA8}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [38fa1a167e0d96a038fe018dab59b14f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{627E6427-1C97-4168-8C9D-51B496DB25B8}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [f43edc54d1ba0a2c68cef39bfb098e72]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63433EB3-69F4-472C-8CAB-BB856FC5BB6B}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [cc6643edb2d922141322cdc1887cf40c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6662A4ED-E3DD-4463-A3FF-8DCFC45CD7A8}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [141ede521c6f75c1ed491d71c0448878]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{668D14A1-8A41-49A1-A95F-E2406257B1A8}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [b37f949c2269310592a494faa163b947]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{694FD5D0-6E4A-4D30-B04C-30EBFCDF43FF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [85ad87a9a7e46ec859dcfe90ae568080]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A1CD8F0-2D87-4325-B93D-1FADB1DF1171}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [75bdce629fecde58c075d9b509fbee12]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D62113F-6E2D-46DB-9769-A0D514133BBD}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-buttonutil.exe, , [73bf939dbecdfc3a1322741a966ecd33]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DA6DA31-93EE-48E7-909B-56205BD6D547}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [22102f012269142257dfcac4709417e9]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6ff85064-bc73-4a40-927b-0033c4e8b13a}|AppName, GoHD-buttonutil.exe, , [0c26b37dd4b74aec60d592fc1ce802fe]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7234F241-9D3E-4D0B-9254-C8AF4B2C44FE}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [f63c6dc38ffc2115f63fb1dd7490a45c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{728911FB-5DEE-4351-923B-DDC96F8F5FEA}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [e74b6ec2a1ea3006072ef89612f2c63a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72C9FB21-F33B-4197-82DE-A376D1BF6794}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [2b07181849425adc56e0513d7d870df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{759D34E4-9778-436D-B9AB-EFCD985D4DCB}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [70c258d8f09b80b69f974f3f6d97649c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{76031D4E-AD4C-4B82-9049-60FFCCFDC937}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [b77b88a82d5e88aef2444a44e222728e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7b4df98e-068f-4e9b-9ed3-e2649d611230}|AppName, GoHD-bg.exe, , [dd5586aa06851c1aa193d5b917ed4fb1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BDE5666-FA38-4210-991E-267EE68F9A93}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [e64c54dc494247ef6accfb9336ce7789]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D54D71B-B22C-488D-8034-9431C3EBBF22}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [47ebdb55dcafae88181d7915a064ec14]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{80664CDD-E7F0-4FAE-B086-BFA2DB515B5C}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [aa88032dfd8e2b0bf441880648bc0bf5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84633D94-CFE7-4F21-BE4A-298D1EDA1549}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [e74b8ea2d0bbaf87c6709bf3927226da]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{849D1399-243C-4657-B4B3-E24EB75BF6DA}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [1d156ac6a3e8ba7c56e0dfafb054f808]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{85662BDC-BB7D-4DD2-B6C8-A39EC46114C4}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [39f9e94716752412f93ceaa46a9a59a7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91329F73-1A7B-4B5F-9397-2C129EF71A2F}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [c36f8aa67b109e9887ae8b0363a1ee12]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A63791-979B-4AFD-942E-2E59C0EFB6FA}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [122080b0bccf5bdbb87dd4bab54f31cf]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{999EF21A-B356-4E88-B7BA-E482A4B26949}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [1f137cb4eaa190a647ef99f5cf355da3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9A23B453-60B7-4AD6-9CCD-52A6F3C59533}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [37fb8aa692f932040135bfcf62a2db25]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C58F4B9-EA57-4B8B-9558-F87E4D8DDBDE}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [fc3647e9acdf3bfbe3538fffc63eb24e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C97859F-CD7D-4E8D-96A0-B14772A4C279}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [5fd3c769513aaa8c7abc335bb25201ff]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F5AB690-FA1A-42E7-9CD5-F23AEED8CC90}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [151dd15ff19a2f07979f602ef90b9c64]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A126CE13-B6B0-401A-96CE-25A93C30AC87}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [141e80b0d2b90d29ed48eca2e71d33cd]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A18A28B8-7131-4FE0-9699-EDE216D3A645}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [61d185aba2e9fe3878bdd1bd956fef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19B3B2A-C0A8-4F5A-9BE3-69C3883564CF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [969c88a8acdfb086cb6a6e2030d49c64]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A29803F1-50DC-4108-BC8E-15BFAB20B291}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [082a260ae6a50a2c68ce573740c4d12f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4CFCA84-E6E1-46B6-8138-BFDE37264AE2}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [83afe9474249d75fea4c94fad72d7987]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A75E0707-A4AD-4081-8BD9-B3776240C24F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [91a141ef3f4c4bebb97d93fb10f4a15f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AABC2690-AAAE-4498-A841-D5366A86C215}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [41f13ff1008ba09639fc404e61a3df21]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAC5941D-D9C0-40BA-82DD-2065C16D8EAB}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [ce64a48cb3d83afc171f632bb4509e62]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC0D5533-9D39-4961-93D1-F84213362062}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [68ca8ca4474486b08caa3658cd379e62]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE7CAA66-CE90-4EB2-91AB-D1E9A64B416E}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [59d937f94a415cda78bdfe9063a14cb4]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B10762A3-A176-4945-B02E-35F1F4D6D4DC}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [ac86929efe8dc96d142136584abad729]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B37BBF03-C26C-4084-8A7E-12E82BB3804D}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [b37f151bb7d4d5613302b1dd798b768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B385BA94-11E6-432F-AF2C-CB24977E57C3}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [80b22808eaa1fb3b76c0b6d8f90b768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B38C6A44-ECF2-45AC-AC23-E6CB2C3B789B}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [f1412f01dbb06dc974c2dcb234d0c33d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B4DFF8D3-ED49-4D77-A5D0-4182EC7E69A3}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [f43ea68a1f6c1d19a4925b333ec6f808]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B8F1E1F1-FA17-4C2D-9F3D-65B3D626EDC7}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [55ddd0606d1e1224f73f721c15ef748c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9E486EE-8AEE-4BF7-BCCB-533496E5F727}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [0032280883083bfb2d09197559ab24dc]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC78E879-D8B6-4FFE-8E9E-5C975D49715B}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [0929f7390586c57155e1f698b4507888]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD33F518-C06B-4D30-AE28-5E289B73C817}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [062c51df5f2cb77f82b3593533d106fa]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDE8288F-3B9E-4C60-A51F-5AA1AC3FA7AA}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [11213df3107b82b4db5a3f4f58ac966a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE13F759-F144-46EF-9161-5728BF9491EF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [a0926dc3800bc67061d558369d6714ec]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFD20F32-AD77-43AF-A732-C0C0D3F770DE}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [70c29a96cdbea98df73f444af90b2ed2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0554531-4FA5-4FEE-899B-7C9420BA15C4}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [71c140f03a5132046dc9781623e1be42]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C20CDDBC-8147-4907-9012-AF785342312C}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [80b25ed2018a221438fdf39b25dffa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9297E22-74FF-4431-AAD0-C5A4A2CF7E90}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [f53db27e84071b1bc67099f5c83cc937]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE45B97F-D8E9-435B-9ABF-88C6DC7346CA}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [8aa8d759a2e90a2c9a9c4f3f798b3ac6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF8B597D-802E-4C27-BAC7-58D93C5A31F0}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [55dd81af3f4cd264979faae436ce41bf]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3DC3A61-B31E-48C5-AE11-30BEF9D4F717}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [58daa888ff8ce25459dd6727ea1a4ab6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D556DC1C-F481-4CC9-8995-6B997C5D984B}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [83aff9370e7d6fc7d660bcd27c88ca36]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D6FA1C08-B1E3-4149-9CA2-45D15A349930}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-codedownloader.exe, , [ca68e54b4b4054e263d31c72a75d38c8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D8CBA5AA-4520-4658-A8D8-A6DC54C8A8C2}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-buttonutil.exe, , [171b6fc1a4e784b2ac89810d9074f30d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB85C4F6-CBAE-456C-B4CF-A490F1A73C97}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [49e958d867242d090a2c96f871930bf5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DC947AC4-3FC8-417E-9DF8-1FAF796DDB3E}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [e74bb37d6c1fd561a096eca238cc23dd]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDBAFDF7-B700-436A-9DEC-59E5D110B12B}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [0929f8380586f73ff73f92fcc34132ce]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDE41BD9-FCDB-43FF-8CD9-E96BEBB3C866}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [c2701917a4e771c5a4916e2018ec2ed2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{de930f91-8e17-411b-9516-cbbe1b1b880d}|AppName, GoHD-codedownloader.exe, , [8aa8d65a1f6c48ee3303bcd2f311db25]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DEB6684F-2A02-4F32-AF47-ED7AFE8CEA86}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [fa3888a85932979f74c21d7141c3e719]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFB6C794-57B3-43A5-B867-7B3AE3666914}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [bf734be5ccbfe1554aec4846ba4a3dc3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E036CB5F-1D05-4C02-A85D-1C4CED4B6F93}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [c36fb080c4c7a294e353ef9f030108f8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2F024BB-FAFF-47DB-AA6A-2320B93F6FCA}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [f042260a0f7c2c0abf76a1ed54b0936d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4A3BD96-A909-4D76-A95F-EF474B8191CA}|AppName, 9fef9f2e-3c1b-4f8c-abcb-0cab029afcd1-2.exe-buttonutil.exe, , [ff3360d08407f04650e5d1bd35cf14ec]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E639D92F-B3F4-4934-9483-3542FA96FBBD}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [91a164cc2467f93d60d6147a5fa5669a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E702B686-9315-43C2-B0CB-82D91EDEB17F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [032fe749a5e6d85e4fe60985cf3501ff]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBF19014-83CB-409D-A2EE-52CCB7756B4E}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [c76b210f99f2d1653600642a43c17b85]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBFA2F38-888D-4B00-AA73-15CAA28E1D7F}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [da58052bddae191db67fbfcfeb199a66]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECEC7BAD-54D8-4B93-B0D9-CFA48024207C}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [8ba76bc5e0abe155aa8bfa94808456aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED83AF4A-280C-4ED3-B916-B6D289D91663}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [69c9939dd1ba44f2a492890546be6898]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E4A63-43F7-484B-84AB-311FA4B7417A}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [7db572be1d6e1c1a8ca9b1dd768e7987]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EF7FF9CB-78BA-405F-B975-BB984C164AC8}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [1c1683adb7d4f93dbd78a1ed768e9d63]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F224E03B-6461-4BAD-93E3-1250581AFF4C}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [c66cac848b0041f5270e038b64a019e7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3200FB3-3790-4030-ADDA-A288E82A5D62}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [f63c220ef9920d2960d55f2f976d5fa1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F701DAEE-387D-43D4-862D-F01E67FC1014}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [1e142d03276479bdf441ff8f5aaa37c9]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F768B955-84FF-4FE9-88A1-449EFE176920}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [8aa8cd6317741620b085642aac58748c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F887F68C-97D0-4896-92E6-31E7FCB3A726}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-codedownloader.exe, , [a78b919fcbc0bf776acce8a65ba9ed13]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9E73627-5DCF-413D-8389-F08B2C142E91}|AppName, 54e4bb8e-ee78-4533-96db-fc372d538e3e-2.exe-buttonutil.exe, , [73bff0408a01979f7eb7afdf55af9967]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FA3EA8F5-AC72-4368-8FCB-F84944AEE8EF}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [201285ab404b32049b9a038b59ab6d93]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB16AC2F-8430-4B28-9EE6-FDEF4BDB7472}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-codedownloader.exe, , [90a20d23c3c896a00135048aaa5af010]
PUP.Optional.CrossRider, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF9163B6-C39A-4AD1-A0D4-406315F0B1F9}|AppName, b2658e1e-d45e-49d8-a902-2e960c57c41d-2.exe-buttonutil.exe, , [42f0ec44a0ebe65043f259354fb58080]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}, , [52e0003048430a2ccf7bcaae6d9754ac]

Data registru: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3072794237-2395381329-2881868175-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2RkRZ_CLRQKx11roJ7nSoXvR0s9g99iJxP8DR2-_tHK_dw9EbNjpZMJtMztWS8Rhe4J7zQY7OOSifopE7BmZwcTEDfp1XxV8RYEDtt5_yAhUkVNMCg6F5OGAnvmMtKt0EIgidfDohF9caac&q={searchTerms}),,[58daf23e6328db5be93cd696996cd828]

Složky: 1
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\c4gjevzd.yyq, , [1220d060810a74c258e4851aff05db25],

Soubory: 5
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\c4gjevzd.yyq\InstallationConfiguration.xml, , [1220d060810a74c258e4851aff05db25],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\c4gjevzd.yyq\uninstall.exe, , [1220d060810a74c258e4851aff05db25],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\c4gjevzd.yyq\uninstall.exe.config, , [1220d060810a74c258e4851aff05db25],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\c4gjevzd.yyq\uninstall.ico, , [1220d060810a74c258e4851aff05db25],
PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, , [e949121e2b604fe70778edb2c44015eb],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 20:03
od altrok
Tak doufam, ze jste pro priste vylecenej :)


Vsechny nalezy smazte/presunte do karanteny a pak dejte jeste aktualni logy z FRST.

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 20:19
od patakuta
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Petr (administrator) on PETR (15-09-2015 21:16:44)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [601080 2013-09-05] (Lenovo Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2013-07-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-05-15] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E4A89FFE-DF86-42A1-AF88-D8B92EF9DA7A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-09-15]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-09-15]
CHR Extension: (AdBlock) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-14]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2015-09-15]
CHR Extension: (Norton™ Family) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2015-09-15]
CHR Extension: (Norton Safe) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-02]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-09-05] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-05] (Broadcom Corporation.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-05-15] (Lenovo)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2045944 2013-08-02] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [694776 2013-09-05] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [465912 2013-06-22] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59384 2013-07-17] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [138232 2013-07-17] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-05-15] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-05-15] (Windows (R) Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150914.001\IDSvia64.sys [767224 2015-08-30] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150914.008\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 21:15 - 2015-09-15 21:16 - 00019596 _____ C:\Users\Petr\Desktop\FRST.txt
2015-09-15 21:12 - 2015-09-15 21:12 - 00001926 _____ C:\windows\PFRO.log
2015-09-15 20:52 - 2015-09-15 20:52 - 00071762 _____ C:\Users\Petr\Desktop\brk.txt
2015-09-15 20:39 - 2015-09-15 21:11 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-15 20:39 - 2015-09-15 20:40 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-15 20:39 - 2015-09-15 20:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-15 20:39 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-15 20:39 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-15 20:39 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-15 20:37 - 2015-09-15 20:37 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Petr\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-15 19:59 - 2015-09-15 19:59 - 00000000 ____D C:\Users\Petr\AppData\Roaming\WinRAR
2015-09-15 19:53 - 2015-09-15 21:16 - 00000000 ____D C:\FRST
2015-09-15 19:53 - 2015-09-15 19:40 - 02191360 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2015-09-15 16:35 - 2015-09-15 21:12 - 00000795 _____ C:\windows\setupact.log
2015-09-15 16:35 - 2015-09-15 16:35 - 00000000 _____ C:\windows\setuperr.log
2015-09-14 18:04 - 2015-09-14 18:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Mozilla
2015-09-14 18:02 - 2015-09-14 18:04 - 00002302 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-09-14 18:02 - 2015-09-14 18:04 - 00002302 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-09-14 18:02 - 2015-09-14 18:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:02 - 2015-09-14 18:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:00 - 2015-09-15 16:25 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-10 17:53 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-10 17:53 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-10 17:53 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-10 17:53 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-10 17:53 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-10 17:53 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-10 17:53 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-10 17:53 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-10 17:53 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-10 17:53 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-10 17:53 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-10 17:53 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-10 17:53 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-10 17:53 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-10 17:53 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-10 17:53 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-10 17:53 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-10 17:53 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-09-10 17:53 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-10 17:53 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-10 17:53 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-10 17:53 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-10 17:53 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-10 17:53 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-10 17:53 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-10 17:53 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-09-10 17:53 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-10 17:53 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-09-10 17:53 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-10 17:53 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-10 17:53 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-10 17:53 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-10 17:53 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-10 17:53 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-10 17:53 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-10 17:53 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-10 17:53 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-10 17:53 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-10 17:53 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-10 17:53 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\schtasks.exe
2015-09-10 17:53 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
2015-09-10 17:53 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-10 17:53 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
2015-09-10 17:53 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskeng.exe
2015-09-10 17:53 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-10 17:53 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-10 17:53 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-10 17:53 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2015-09-10 17:53 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-10 17:53 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 17:53 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2015-09-10 17:53 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2015-09-10 17:53 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2015-09-10 17:53 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2015-09-06 10:29 - 2015-09-06 10:29 - 00000000 ____D C:\Users\Petr\AppData\Local\PDFCreator
2015-09-04 17:22 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-04 17:22 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-04 17:22 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-04 17:22 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-04 17:22 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-04 17:22 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-04 17:22 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-04 17:22 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-01 18:55 - 2015-09-01 18:58 - 306469243 _____ C:\Users\Petr\Downloads\zlata-svatba (2).zip
2015-08-28 19:29 - 2015-08-28 19:29 - 06667640 _____ (Piriform Ltd) C:\Users\Petr\Downloads\ccsetup509.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00156912 _____ (Lenovo.) C:\windows\system32\ibmpmsvc.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00082664 _____ (Lenovo.) C:\windows\system32\ibmpmctl.exe
2015-08-24 12:06 - 2015-08-24 12:06 - 00074432 _____ (Lenovo.) C:\windows\system32\Drivers\ibmpmdrv.sys
2015-08-24 12:06 - 2015-08-24 12:06 - 00050928 _____ (Lenovo.) C:\windows\system32\tpinspm.dll
2015-08-19 21:06 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-19 21:06 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-19 21:06 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-08-19 21:06 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-08-19 21:06 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\tzsync.exe
2015-08-19 21:06 - 2015-07-13 21:10 - 00411455 _____ C:\windows\system32\ApnDatabase.xml
2015-08-19 21:06 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2015-08-19 21:06 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-08-19 21:06 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-08-19 21:06 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-08-19 21:06 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-08-19 21:06 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 21:13 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-15 21:12 - 2013-08-22 17:36 - 00000000 ____D C:\windows\Vss
2015-09-15 21:11 - 2015-08-02 12:46 - 00002508 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-09-15 21:11 - 2015-05-17 16:03 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-09-15 21:11 - 2015-01-25 13:34 - 00001200 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-09-15 21:11 - 2015-01-21 17:04 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-15 21:11 - 2015-01-21 17:04 - 00000976 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-15 21:11 - 2015-01-14 23:19 - 00002078 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-09-15 21:11 - 2015-01-12 17:39 - 00000883 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-15 21:10 - 2015-08-02 12:45 - 00034304 ___SH C:\Users\Petr\Desktop\Thumbs.db
2015-09-15 21:10 - 2015-08-02 12:44 - 00001326 _____ C:\Users\Petr\Desktop\Instalační soubory Norton.lnk
2015-09-15 21:10 - 2015-05-10 15:16 - 00002110 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-09-15 21:10 - 2015-01-13 07:58 - 00002224 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-09-15 21:10 - 2015-01-13 07:49 - 00001437 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-15 21:10 - 2015-01-12 18:43 - 00002160 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-09-15 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-09-15 20:20 - 2015-01-12 19:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-09-15 20:18 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\GroupPolicy
2015-09-15 19:25 - 2015-01-13 16:05 - 00000000 ____D C:\Users\Petr\Documents\Soubory aplikace Outlook
2015-09-15 17:35 - 2015-01-13 07:55 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3072794237-2395381329-2881868175-1001
2015-09-15 16:50 - 2015-01-13 13:03 - 00000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2015-09-15 16:32 - 2015-01-13 08:00 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{5F01318A-3608-47A0-89E4-36668DEB0483}
2015-09-14 19:50 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-09-14 18:54 - 2015-01-15 17:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\TeamViewer
2015-09-14 18:39 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-09-14 18:37 - 2015-01-14 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 18:08 - 2015-01-12 20:01 - 00000000 ____D C:\Mrdník
2015-09-14 18:07 - 2015-08-02 11:17 - 00000000 ____D C:\Users\Petr\AppData\Local\NPE
2015-09-14 18:07 - 2015-01-13 13:49 - 00000000 ____D C:\Program Files (x86)\166661be-d50c-4e96-95a3-0e3ca97841e0
2015-09-13 14:24 - 2015-01-13 08:01 - 00000000 ____D C:\Users\Petr\AppData\Local\Google
2015-09-13 08:18 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-10 18:26 - 2013-08-22 16:44 - 00484344 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 18:23 - 2013-08-22 17:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-10 18:15 - 2015-01-13 12:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 18:14 - 2015-01-13 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-10 18:13 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-09-10 18:11 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 18:08 - 2013-08-22 15:25 - 00000199 _____ C:\windows\win.ini
2015-09-10 18:04 - 2015-01-12 19:38 - 00000000 ____D C:\windows\system32\MRT
2015-09-04 15:58 - 2015-01-15 17:08 - 00000000 ____D C:\Users\Petr\AppData\Roaming\MyPhoneExplorer
2015-08-31 16:03 - 2015-01-14 18:34 - 00003942 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 16:03 - 2015-01-14 18:34 - 00003706 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 19:30 - 2015-01-12 17:39 - 00000000 ____D C:\Program Files\CCleaner
2015-08-26 18:37 - 2015-01-12 19:38 - 134753440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-20 20:03 - 2015-01-13 13:21 - 00003086 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3072794237-2395381329-2881868175-1001
2015-08-20 20:03 - 2015-01-13 13:21 - 00000000 ___RD C:\Users\Petr\OneDrive
2015-08-19 21:19 - 2014-05-15 23:58 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-08-19 21:19 - 2014-05-15 23:58 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-08-19 21:19 - 2013-10-07 20:27 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-16 20:23 - 2015-01-15 16:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2015-01-13 07:50 - 2015-01-16 15:48 - 0001532 _____ () C:\Users\Petr\AppData\Roaming\AbsoluteReminder.xml
2015-09-14 18:04 - 2015-09-14 18:04 - 0000187 _____ () C:\Users\Petr\AppData\Local\High-dexon.exe.config
2015-01-13 07:49 - 2015-01-13 07:50 - 0000193 _____ () C:\Users\Petr\AppData\Local\RegisteredPackageInformation.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-31 22:36

==================== End of FRST.txt ============================

Re: Prosím o kontrolu logu, problém s SavePass

Napsal: 15 zář 2015 20:45
od altrok
Log jiz vypada cisty, takze jeste uklidime.
A pokud nejsou dotazy ci jine problemy, je to ode mne vse.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz